6b38d94f69769322bfc36d9b0351c86eb5f86c945afc5191aff13d85a2ace960

Analysis

max time kernel
119s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcde2a4ca1991d2dd627cc0735b81070N.exe
Size

468KB
MD5

fcde2a4ca1991d2dd627cc0735b81070
SHA1

bb4747b9b7b74c54fdae97c8c446306f9e96fced
SHA256

6b38d94f69769322bfc36d9b0351c86eb5f86c945afc5191aff13d85a2ace960
SHA512

ee7970e4a217c7824aa5f4ecf8044d098717f7303cfffe4159adccb85aad65fecc1ae43cfeb63febe789dc4406bd534bbdb3722b4d7b60d149538f2e3adc539c
SSDEEP

3072:L1EhogLday8Ukb/sPz5WfZXcfzj4I8JnmHe5OVpYi2s3L1dNC1lV:L1So9LUkYP1WfZtxPVi2iJdNC

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4728	Unicorn-45013.exe
2488	Unicorn-15813.exe
1468	Unicorn-44956.exe
4880	Unicorn-44645.exe
5048	Unicorn-57452.exe
2424	Unicorn-5650.exe
2336	Unicorn-11780.exe
880	Unicorn-30629.exe
3908	Unicorn-30629.exe
2784	Unicorn-14027.exe
1620	Unicorn-26501.exe
1532	Unicorn-12766.exe
2028	Unicorn-44604.exe
4572	Unicorn-44604.exe
3592	Unicorn-61219.exe
1000	Unicorn-16805.exe
5056	Unicorn-18542.exe
4284	Unicorn-18808.exe
4908	Unicorn-19685.exe
4696	Unicorn-65356.exe
5100	Unicorn-16155.exe
3736	Unicorn-36021.exe
3760	Unicorn-59763.exe
5024	Unicorn-19301.exe
1120	Unicorn-13170.exe
592	Unicorn-63413.exe
2304	Unicorn-45551.exe
4816	Unicorn-39686.exe
812	Unicorn-40563.exe
804	Unicorn-45816.exe
2760	Unicorn-20949.exe
3212	Unicorn-40165.exe
1936	Unicorn-50371.exe
4156	Unicorn-47571.exe
4332	Unicorn-36635.exe
4324	Unicorn-39973.exe
1952	Unicorn-38904.exe
760	Unicorn-38904.exe
4692	Unicorn-38904.exe
1256	Unicorn-19723.exe
3420	Unicorn-39589.exe
3756	Unicorn-3387.exe
1892	Unicorn-18654.exe
3576	Unicorn-38520.exe
4152	Unicorn-38520.exe
2676	Unicorn-30267.exe
3008	Unicorn-33074.exe
1552	Unicorn-39132.exe
1784	Unicorn-28187.exe
2880	Unicorn-14804.exe
2640	Unicorn-47020.exe
2768	Unicorn-196.exe
1820	Unicorn-48940.exe
4576	Unicorn-49205.exe
5000	Unicorn-16341.exe
4080	Unicorn-19221.exe
1160	Unicorn-48364.exe
3636	Unicorn-51628.exe
2300	Unicorn-10290.exe
1628	Unicorn-63548.exe
912	Unicorn-1762.exe
4724	Unicorn-56901.exe
3764	Unicorn-40373.exe
2456	Unicorn-22811.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6068	1628	WerFault.exe	153

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30129.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15348	dwm.exe
Token: SeChangeNotifyPrivilege	15348	dwm.exe
Token: 33	15348	dwm.exe
Token: SeIncBasePriorityPrivilege	15348	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1928	fcde2a4ca1991d2dd627cc0735b81070N.exe
4728	Unicorn-45013.exe
2488	Unicorn-15813.exe
1468	Unicorn-44956.exe
4880	Unicorn-44645.exe
5048	Unicorn-57452.exe
2424	Unicorn-5650.exe
2336	Unicorn-11780.exe
3908	Unicorn-30629.exe
880	Unicorn-30629.exe
1620	Unicorn-26501.exe
2784	Unicorn-14027.exe
1532	Unicorn-12766.exe
4572	Unicorn-44604.exe
2028	Unicorn-44604.exe
3592	Unicorn-61219.exe
1000	Unicorn-16805.exe
5056	Unicorn-18542.exe
4908	Unicorn-19685.exe
4696	Unicorn-65356.exe
4284	Unicorn-18808.exe
5024	Unicorn-19301.exe
3736	Unicorn-36021.exe
5100	Unicorn-16155.exe
3760	Unicorn-59763.exe
1120	Unicorn-13170.exe
592	Unicorn-63413.exe
4816	Unicorn-39686.exe
2304	Unicorn-45551.exe
812	Unicorn-40563.exe
804	Unicorn-45816.exe
2760	Unicorn-20949.exe
3212	Unicorn-40165.exe
4156	Unicorn-47571.exe
4692	Unicorn-38904.exe
1952	Unicorn-38904.exe
4324	Unicorn-39973.exe
760	Unicorn-38904.exe
4332	Unicorn-36635.exe
1936	Unicorn-50371.exe
3756	Unicorn-3387.exe
3576	Unicorn-38520.exe
1892	Unicorn-18654.exe
4152	Unicorn-38520.exe
3420	Unicorn-39589.exe
2676	Unicorn-30267.exe
1552	Unicorn-39132.exe
1256	Unicorn-19723.exe
3008	Unicorn-33074.exe
1784	Unicorn-28187.exe
2880	Unicorn-14804.exe
2640	Unicorn-47020.exe
2768	Unicorn-196.exe
1820	Unicorn-48940.exe
4576	Unicorn-49205.exe
5000	Unicorn-16341.exe
3636	Unicorn-51628.exe
2300	Unicorn-10290.exe
1160	Unicorn-48364.exe
4080	Unicorn-19221.exe
1628	Unicorn-63548.exe
912	Unicorn-1762.exe
3764	Unicorn-40373.exe
4724	Unicorn-56901.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 4728	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	89
PID 1928 wrote to memory of 4728	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	89
PID 1928 wrote to memory of 4728	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	89
PID 4728 wrote to memory of 2488	4728	Unicorn-45013.exe	92
PID 4728 wrote to memory of 2488	4728	Unicorn-45013.exe	92
PID 4728 wrote to memory of 2488	4728	Unicorn-45013.exe	92
PID 1928 wrote to memory of 1468	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	93
PID 1928 wrote to memory of 1468	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	93
PID 1928 wrote to memory of 1468	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	93
PID 2488 wrote to memory of 4880	2488	Unicorn-15813.exe	95
PID 2488 wrote to memory of 4880	2488	Unicorn-15813.exe	95
PID 2488 wrote to memory of 4880	2488	Unicorn-15813.exe	95
PID 1468 wrote to memory of 2336	1468	Unicorn-44956.exe	96
PID 1468 wrote to memory of 2336	1468	Unicorn-44956.exe	96
PID 1468 wrote to memory of 2336	1468	Unicorn-44956.exe	96
PID 4728 wrote to memory of 5048	4728	Unicorn-45013.exe	97
PID 4728 wrote to memory of 5048	4728	Unicorn-45013.exe	97
PID 4728 wrote to memory of 5048	4728	Unicorn-45013.exe	97
PID 1928 wrote to memory of 2424	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	98
PID 1928 wrote to memory of 2424	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	98
PID 1928 wrote to memory of 2424	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	98
PID 2424 wrote to memory of 3908	2424	Unicorn-5650.exe	101
PID 2424 wrote to memory of 3908	2424	Unicorn-5650.exe	101
PID 2424 wrote to memory of 3908	2424	Unicorn-5650.exe	101
PID 2336 wrote to memory of 880	2336	Unicorn-11780.exe	102
PID 2336 wrote to memory of 880	2336	Unicorn-11780.exe	102
PID 2336 wrote to memory of 880	2336	Unicorn-11780.exe	102
PID 1928 wrote to memory of 2784	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	103
PID 1928 wrote to memory of 2784	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	103
PID 1928 wrote to memory of 2784	1928	fcde2a4ca1991d2dd627cc0735b81070N.exe	103
PID 4728 wrote to memory of 1620	4728	Unicorn-45013.exe	104
PID 4728 wrote to memory of 1620	4728	Unicorn-45013.exe	104
PID 4728 wrote to memory of 1620	4728	Unicorn-45013.exe	104
PID 1468 wrote to memory of 1532	1468	Unicorn-44956.exe	105
PID 1468 wrote to memory of 1532	1468	Unicorn-44956.exe	105
PID 1468 wrote to memory of 1532	1468	Unicorn-44956.exe	105
PID 5048 wrote to memory of 4572	5048	Unicorn-57452.exe	106
PID 5048 wrote to memory of 4572	5048	Unicorn-57452.exe	106
PID 5048 wrote to memory of 4572	5048	Unicorn-57452.exe	106
PID 4880 wrote to memory of 2028	4880	Unicorn-44645.exe	107
PID 4880 wrote to memory of 2028	4880	Unicorn-44645.exe	107
PID 4880 wrote to memory of 2028	4880	Unicorn-44645.exe	107
PID 2488 wrote to memory of 3592	2488	Unicorn-15813.exe	108
PID 2488 wrote to memory of 3592	2488	Unicorn-15813.exe	108
PID 2488 wrote to memory of 3592	2488	Unicorn-15813.exe	108
PID 1620 wrote to memory of 1000	1620	Unicorn-26501.exe	109
PID 1620 wrote to memory of 1000	1620	Unicorn-26501.exe	109
PID 1620 wrote to memory of 1000	1620	Unicorn-26501.exe	109
PID 4728 wrote to memory of 5056	4728	Unicorn-45013.exe	110
PID 4728 wrote to memory of 5056	4728	Unicorn-45013.exe	110
PID 4728 wrote to memory of 5056	4728	Unicorn-45013.exe	110
PID 880 wrote to memory of 4284	880	Unicorn-30629.exe	111
PID 880 wrote to memory of 4284	880	Unicorn-30629.exe	111
PID 880 wrote to memory of 4284	880	Unicorn-30629.exe	111
PID 3908 wrote to memory of 4908	3908	Unicorn-30629.exe	112
PID 3908 wrote to memory of 4908	3908	Unicorn-30629.exe	112
PID 3908 wrote to memory of 4908	3908	Unicorn-30629.exe	112
PID 2336 wrote to memory of 4696	2336	Unicorn-11780.exe	113
PID 2336 wrote to memory of 4696	2336	Unicorn-11780.exe	113
PID 2336 wrote to memory of 4696	2336	Unicorn-11780.exe	113
PID 2424 wrote to memory of 5100	2424	Unicorn-5650.exe	114
PID 2424 wrote to memory of 5100	2424	Unicorn-5650.exe	114
PID 2424 wrote to memory of 5100	2424	Unicorn-5650.exe	114
PID 2784 wrote to memory of 3736	2784	Unicorn-14027.exe	115

C:\Users\Admin\AppData\Local\Temp\fcde2a4ca1991d2dd627cc0735b81070N.exe
"C:\Users\Admin\AppData\Local\Temp\fcde2a4ca1991d2dd627cc0735b81070N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        9⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        9⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
        9⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
        8⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        7⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        8⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63594.exe
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        7⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        7⤵
        
        PID:16436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        8⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        9⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        9⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        9⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        8⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        8⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        9⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        8⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        7⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        7⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        6⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        5⤵
        
        PID:228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        7⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45924.exe
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        5⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        5⤵
        
        PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        8⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        9⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        9⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        9⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        8⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
        7⤵
        
        PID:17740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        8⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        7⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        6⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        8⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        7⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        7⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        6⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        7⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        6⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        6⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        5⤵
        
        PID:15908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        7⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        7⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        6⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        7⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39028.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        8⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        7⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        6⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        6⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        6⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        5⤵
        
        PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        7⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        6⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        7⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
        7⤵
        
        PID:32
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        5⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        5⤵
        
        PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
      4⤵
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32182.exe
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        5⤵
        
        PID:12208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
        5⤵
        
        PID:16648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
      4⤵
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
      4⤵
      PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        8⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        9⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        9⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        8⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        8⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        7⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        8⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        8⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32513.exe
        7⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        7⤵
        
        PID:16476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
        8⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        9⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        7⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
        7⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
        6⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        8⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        7⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        6⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        7⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        7⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        5⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        6⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33493.exe
        5⤵
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39686.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
        8⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        8⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        7⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        7⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        7⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        6⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        7⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        6⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        5⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        5⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        7⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64546.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        5⤵
        
        PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        6⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        5⤵
        
        PID:17392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        5⤵
        
        PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
      4⤵
      PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
      4⤵
      PID:17076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        8⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        9⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
        9⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        9⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        8⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        7⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21106.exe
        7⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        8⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        7⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
        6⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30403.exe
        8⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        7⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19253.exe
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
        7⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        7⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50004.exe
        6⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        5⤵
        
        PID:17708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
        7⤵
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        6⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        7⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        6⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        5⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59019.exe
        5⤵
        
        PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55763.exe
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        6⤵
        
        PID:13740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        5⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        6⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        5⤵
        
        PID:17120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
      4⤵
      PID:9732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4583.exe
      4⤵
      PID:16672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 728
        5⤵
        Program crash
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        6⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        5⤵
        
        PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
      4⤵
      PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        5⤵
        
        PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
      4⤵
      PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
      4⤵
      PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47571.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        7⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        6⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        5⤵
        
        PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        5⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
        5⤵
        
        PID:16348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
      4⤵
      PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        5⤵
        
        PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
      4⤵
      PID:12324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
    3⤵
    PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        6⤵
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        5⤵
        
        PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
      4⤵
      PID:10860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
      4⤵
      PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59019.exe
      4⤵
      PID:15544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
    3⤵
    PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        5⤵
        
        PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
      4⤵
      PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
    3⤵
    PID:9428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
    3⤵
    PID:13940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
    3⤵
    PID:15592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44956.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44956.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        8⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        9⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        9⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        9⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
        8⤵
        
        PID:16660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        7⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        8⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        8⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        7⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        8⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58830.exe
        8⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        7⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36945.exe
        6⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42027.exe
        7⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        5⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        6⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        5⤵
        
        PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        7⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10339.exe
        8⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        8⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        7⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        6⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
        7⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        6⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        7⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        5⤵
        
        PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        6⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        5⤵
        
        PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
      4⤵
      PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        5⤵
        
        PID:15852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17994.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
      4⤵
      PID:17100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        6⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11748.exe
        7⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        8⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        7⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        8⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        7⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        6⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
        7⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        7⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        6⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        7⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41715.exe
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46251.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        5⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        5⤵
        
        PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3959.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
        6⤵
        
        PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43195.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        5⤵
        
        PID:712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        6⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        5⤵
        
        PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
      4⤵
      PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
      4⤵
      PID:10068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        6⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        7⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48194.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        6⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        6⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        5⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        6⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        5⤵
        
        PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
      4⤵
      PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8990.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
      4⤵
      PID:14180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        7⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        6⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        5⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        5⤵
        
        PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
      4⤵
      PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        5⤵
        
        PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
      4⤵
      PID:10192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        5⤵
        
        PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
      4⤵
      PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
      4⤵
      PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
      4⤵
      PID:15812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
    3⤵
    PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
      4⤵
      PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
    3⤵
    PID:10132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
    3⤵
    PID:14912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:15408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19685.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        9⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        8⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        8⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        7⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        6⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        7⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
        6⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
        5⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
        5⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        7⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
        7⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        7⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        6⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        6⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7386.exe
        5⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        6⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        5⤵
        
        PID:216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
      4⤵
      PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
        5⤵
        
        PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
      4⤵
      PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40165.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        7⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
        7⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        7⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        6⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        7⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        6⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        5⤵
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        5⤵
        
        PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
      4⤵
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        6⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        7⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        7⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8083.exe
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
        5⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        5⤵
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        5⤵
        
        PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
      4⤵
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
      4⤵
      PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
      4⤵
      PID:16424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
      4⤵
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        6⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
      4⤵
      PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        5⤵
        
        PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
      4⤵
      PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
      4⤵
      PID:16268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
      4⤵
      PID:14864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
    3⤵
    PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
      4⤵
      PID:16300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
    3⤵
    PID:10364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
    3⤵
    PID:13480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
    3⤵
    PID:16416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
        5⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        8⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        7⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        6⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        7⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        6⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        6⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43443.exe
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6667.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        6⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        5⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        5⤵
        
        PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
      4⤵
      PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
      4⤵
      PID:11904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
      4⤵
      PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        6⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        5⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
        5⤵
        
        PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
      4⤵
      PID:11300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
      4⤵
      PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
    3⤵
    PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
      4⤵
      PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
    3⤵
    PID:11880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:15192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11348.exe
      4⤵
      PID:64
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60373.exe
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        7⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41915.exe
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9063.exe
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        5⤵
        
        PID:13972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
      4⤵
      PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
      4⤵
      PID:16692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
    3⤵
    PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        6⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
      4⤵
      PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
      4⤵
      PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
      4⤵
      PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
      4⤵
      PID:15820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33934.exe
    3⤵
    PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
      4⤵
      PID:13024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
      4⤵
      PID:1392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
    3⤵
    PID:10404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
    3⤵
    PID:15728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
    3⤵
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        5⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
      4⤵
      PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        5⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35780.exe
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5531.exe
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
      4⤵
      PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
      4⤵
      PID:15980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
    3⤵
    PID:13756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
    3⤵
    PID:1028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
  2⤵
  PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
    3⤵
    PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
      4⤵
      PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
      4⤵
      PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
      4⤵
      PID:15828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
    3⤵
    PID:14052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
    3⤵
    PID:6060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
  2⤵
  PID:6312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
    3⤵
    PID:11064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
  2⤵
  PID:9536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
  2⤵
  PID:17316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1628 -ip 1628
1⤵
PID:5768

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe

Filesize
468KB

MD5
8015c54405e0a65d300c44b036d93ef6

SHA1
875263deb7f231493d9d444477deb61846a4aaff

SHA256
64ee8e439bf07fdbe0ac0f03eb82cf37368e5969b7ebff7ccac42a0041efc8d6

SHA512
cf6d5ab1db19bfb5a3e6173f36b0c6aae3bde5b4a0ed62ea70658e0347d768dfd78fa9faea61a61fb93f41e44c9a375775eea9fe3e80a29ec0fb69412796b686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe

Filesize
468KB

MD5
22f69ece2bde8b58c00ef418c00b9e00

SHA1
72cf58fd382e85e4250ef305caf52f40a014fc70

SHA256
559c625aa515de9fcb49b5fb814b068c83aba20a48717e9764c3886e31881a03

SHA512
a4cb343254b68743697f59ea279be2e3387566cc9f608ff2b1eb7d0a975ac8229ce710afef4618c2d3f835733691a16bc5ebfb6aaee9c9280c96243e275badbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe

Filesize
468KB

MD5
d8d448c2dbc2590e52cb6d614c9f03e9

SHA1
7bcad48472237f639ab040f0670f792705ebeea7

SHA256
7cdf10a1e4f124e0a03db46a0224bff079058c63e49352a861aa803c090f5730

SHA512
1ac304e198e32a961123394e7af913f104eabd6593f1df28b85b50a3f79985165698952946f8c190aa602e0e5d55288f1dc2476e810ae1d6b15d86924d81b4b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe

Filesize
468KB

MD5
3100ebbfd0ab23fedc5280a279a5c960

SHA1
aa45aae1f2367f5b4d85d326fb272efebc38d444

SHA256
674c6a9396f4515845ae59ef73344d45ebd4cefc6636b61a0d8b6fd8dd55ede1

SHA512
05b23f334cdedb4abe37de8de46baa57bc51af0a6b583e9059f62af8e9c53cc37769985f4cf91c6338c8b6ad0a12374fec8bc750e7380622d0f9091813ecc7e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe

Filesize
468KB

MD5
41dc6a6ec34eeed083ddcbbb9b11731c

SHA1
3b1bc5d7f1fafa7be600794e3ebd0010c6e689f1

SHA256
b911ed56b688d15648678349001f905c288212126a3232d45aef2c0ee31d23ee

SHA512
45d18e9246cf85b26a2abcfba6c7930ffb140fe3ab8cb25440ba77129ef22caa21889575b44cfc2e17b15c65277b63daaf4d7595fec3a690256403701de727c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe

Filesize
468KB

MD5
854509bd5bba89cf99585520321b6ff1

SHA1
82851841eda29fd2026906169781b972f601c613

SHA256
e82651a88559f06aad2b435f6febbd104b1bf30d25589b3b777c92f64b80ffc7

SHA512
8eac3f0676b6e68d71a38e1f064fba5706caa1bf971db699bd3e06f3d73613d0f50d239a5da4a425beeaaaf3dd38a83727d50fca52c00388e3f267b9b0953fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe

Filesize
468KB

MD5
5d8b43ff91b1ef100e43ff677bd35e29

SHA1
b36561bbf5ffb7706270c81199cb3333bd00f814

SHA256
f6546ac17e0fa9010c593c2abbb39f9e61cc054bd71fd331def2c22c4600307b

SHA512
8257d969f07021f794f01a3bd12c23dc91c6810b630925561b8d4eedd701bef3afee8c319f2c6f3047b2a9f29d803e1160a530e8fbb9f89d07423a401f772b0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe

Filesize
468KB

MD5
ad02e9c742efc66954520a7ba8dcc90d

SHA1
fc07d6ab717ae2a325f6419032f0d98a00db1c03

SHA256
3d35007ac7f9ca155fe50cf445ad9d3dad8cee65c766425f62c2b7a09ef3ff87

SHA512
78d91f059f6455b169935d9a79034c9e9eba8d24b1fb37208582f3c3414fab0bc91bf25b774514a62d4707d5ab9fe77406f22a9c23a5115f9210801786783eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe

Filesize
468KB

MD5
e7c1ec8e2331ca4527a748ffd2f72bea

SHA1
36f96e7183ba84475780dd2a7b191d9b29217bcd

SHA256
01ff2fe9f422c6d9f8c59b2483912d2dd5dc16cca4f7acad406f324ee782e390

SHA512
53ce7a588e61b23ecdeccf5495d523af090a45c9204d2ec02a9936d84ba1b4604b82f9f848525f00ce733665b0f7b9c8704dec1b0533cbe0dc009bb498348a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe

Filesize
468KB

MD5
b2abf12a44fe6b411800bb589c15a773

SHA1
f355c95f62567608b70ca6f310fd85212632e954

SHA256
13a8b1f00999033841f4f6dd48b3d415b69f73e4752afa55cd6f2d8c20bc1a6f

SHA512
b0bf3b6c5f61b743f937e3d48406d828410ccb588ff1d04ad4b21865a1ae8194208182807957d77f2919e8875f8fd31f58a0e385e52c7ba701b507cb089284d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19301.exe

Filesize
468KB

MD5
32d60245636bcd6fc9637fdf3586c5e1

SHA1
e4d9f38890b6b9ad7bef2ee1d29f60f08f5d1980

SHA256
e356162185f79f32e25529d957cbc6620ec80a8fcf65d8bf8f1fc71903d9b0d4

SHA512
a0802b9e4a89df809e64ce8963e60a584803c2b4ea6b02194505c2d3736ca85fdad68edf61b7c190b7616ff545f4b9fa921b97bdabc8c764c2e8839f9c5fb6de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19685.exe

Filesize
468KB

MD5
d93515cdbb45a8b3bebc41dd837a8b4a

SHA1
9cbc057681459adbe3834ff8044ec8a2ca74a106

SHA256
d5b95f062b999a19ffc2b0a1215d773725878390d7511944173dd8dce44715f8

SHA512
fe103a1471134ac1ade154aabd6ebc8c10fbfdef15a3affb77b8848d532b338efea231e98605fca4877dc2450ad1120eef794c82da5a1e967a71b7d38c12cbd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe

Filesize
468KB

MD5
ec7d0c3f815a403b2ae51c0f5dd99e65

SHA1
562bb64e3a157bd56fc28a3ca317047d204b0d5f

SHA256
ff2e1cf5f4b1154c13bcda65ba65d03330ccef96359308d4a9f31e3b8f33d033

SHA512
e025be2c6986ebfebef226d870c11a1b547682b456550d54edab1695bf494f69347612891ec6f5be935bbdc24cf4db49ed9b3b680a403df20d08a6d314c372f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe

Filesize
468KB

MD5
9e49a6b57301f2833aeb118e125a414f

SHA1
065b6354f9f1c743cf9525d94f3c36c405cf085f

SHA256
91c102d85c87806900982fa907a74aadf4c5e06411023b7225a1be72b433e467

SHA512
a6c34946787cfd9b7f8fd7ad3beca0a98c93ead43a43734bfefc1d70d6217ef52cfef2637fef59119afdf53d3db7c5f812e886ae831a342d2c0771b5ed7503c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe

Filesize
468KB

MD5
e2710a27bd01825fe3c76cc182e0e0f4

SHA1
a6736df2160a7f10447fa7b17e6c333b4afc2fc5

SHA256
2d535775d714ea7ba1496cd19280252bed08a885f1e64b08989da87260dbf1fd

SHA512
c7546f967fafb8a5c3b956d9d73a4ffc9366c1c5d2a3aea8b66ab2806604d3aa321fbcd50ac9b248e63aaaca7acd969a06e49382a557954d1ee50c68177ca231

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe

Filesize
468KB

MD5
9fa7badb6da03c8620bd125e589bf311

SHA1
a89a0e2e95054e5b9b00a23bd890790d9b7db521

SHA256
694d37e4bfedc10eb09daefc28452b20c977e92840e4003b7f502f4f416c689b

SHA512
805464f8ddf7760d2b873f336b856ee45ee80dc70f35f637ae640264ba033dee5bbf96659be2906f9ac9becf1105a7bb930f8854297fcb42a68d70218a721cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39686.exe

Filesize
468KB

MD5
deeb30c7ed289e5470e6cae46a2d8f32

SHA1
995597f2d483d09706d53f6f2a1893ebf0a2ac3e

SHA256
2318834d4be8b42ef2b4e16ca2ef0a89d8d82def60440faedc08529e90d8f556

SHA512
f8e846e950c722711eb5425afd4636c0de9c04fae7673194506dd72c71b86ed0a2da032cb127d1e453e1eb4f74f03faf0a427507486b217c318b635589126380

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe

Filesize
468KB

MD5
bd1c0783b1aa0d0648a2d6001c509f66

SHA1
5c1d5034f1497f8e3ff9904e37ab91a978d8dd93

SHA256
e8dd2f9d6fb4814a9466dc5160fb5fd1f63ecdb97feb357e07cca705c2ca7f40

SHA512
25fe45483ed109854033ddbd7ca667e4a016307dbedcb673405f8fe057496a74ab2d2a55b9d4041f38b89782379d56c78469b3f643f7627d172712af8768efdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe

Filesize
468KB

MD5
b1b188b02f00d7e25c9175705402a6e3

SHA1
7dd73a93e54e6514f735f18b690fcbb4eaebeeb4

SHA256
f17b386f0a02f1b57675386c4b3fb5b328e571265a5cd5847ae49ee177f09d82

SHA512
16e811987245fcf22cf7c9ee0da8b7e94a571ff803d6381f8546eb1bdebf4e1d1bd3e27c726689c3789f527708b7d6d5b4cdd45f6867be38bb733b8818d289f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe

Filesize
468KB

MD5
94d5ac189278f842b0e78a84f226b7d9

SHA1
a6ca8adeed94e36078fc68eaea6ddc39fa697986

SHA256
f1024b0aac3ee3df5c552ae5267164a022f3ca37713d0dcd43643888e8360f99

SHA512
a662f9acafa82c33f10ca0dad0d048e630b2ba9852fa29a5cf249d72f4e6f7983fb6038a1399434e89e37d279f03457f54508f1b6c54d74e12a1d3780a29ece5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe

Filesize
468KB

MD5
02a6392fef34b3db7ca83ff93c92f5cb

SHA1
7dceb77fab939c3436a1a2d2d84e77000d21a608

SHA256
4aaa6fff96b43b528d09e185dd4fb8a3883921900593c64d77adf7fa5888a283

SHA512
ee7b9869a94f4683e615f384abc8bee4935295442506287d8a543c52e9d2db52c94824e2f0c69f2045d96c32b27cf38568537ff8812dfba879d50c0c20400d80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44956.exe

Filesize
468KB

MD5
12c8137a5d90cdd1238867f240b16e47

SHA1
71567704633b9463e3db19c584a3b765194d58cf

SHA256
bc958634f0e859ce721aafea98bfa0e9d1e056ecc0bb77fab9b504b710c5681d

SHA512
33e03a11e622fdf1a7a1147ce10f13ea214de7d0bc7a5cd63f3ccabc8befdea6ade370de7e06ddcab352678eb288a6bc08d3e7e9e45a36156ef5ae1993b5967d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe

Filesize
468KB

MD5
f45ccac723a03f9b94ea64b5c1bf3b36

SHA1
0e1dbb1fcfb07d017fe6bcb007d6255fb3658b9e

SHA256
6766101da3697b9a6b4d2d1ef45a187717d03ffbc654f4d6e4788585b09b8c37

SHA512
170ec598c218e746e286c37e989a6ba26f1a2c0ec55bedcf4b6f0cc7a3e73fcf1b83e516ff6084a222761c9db8e4201370f144df7765dffdd234dc7f7b318049

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe

Filesize
468KB

MD5
ef00f9d92c3a3b28aaf58fb4bc546a54

SHA1
e8f42fae78e7fb215c82a4e356f72de23fb41d33

SHA256
c44d44efd27382d06a6d9c855639c4bd4967a4b10fdec3b0a5638bb48224d2d8

SHA512
37be41b2803028752ca3a9ec7055ae9a2a6a28008b1c67dc357726a36abd402d72e27b8113878609edfe3520d15eb7431f0ef7e554bbc83de310f1547bd0f4ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe

Filesize
468KB

MD5
db80a86dc4a0814aad1cdce550ab7ebb

SHA1
012dfb509209202a2a6736be3a04944447369a24

SHA256
0e30d6f95a3661056feddfc729cc894e4a6dc201b53d34e578653cdb6fe97825

SHA512
a3db5ad335a54f54ac086f0010916f65bb9b7684dd1cf7bd03ebc61caeca21fda42dba391b9202f5d8ae141d4acc86a7577b14016b75d562756bed5b50c9732f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe

Filesize
468KB

MD5
62d49a68d71aecc442f39f58e5d2a7e2

SHA1
ac1f04023108a00ffd741bc96172a19e7141eb45

SHA256
5424c5f22f523ea735aea9c7468b3f1780f8b4d1b5a386120c4d65c26da87ca4

SHA512
30c3fc7cd1c99bf4ee8ca681b1038c9fb8829a154b29010ba9ccbddf8ce5866ed254bb10e3515e59477d79c8bbd6d7874e32791435e31286bcf82c168a9c6114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe

Filesize
468KB

MD5
51dfe913a1e03096d7b8fbdaeb0f34b3

SHA1
ddded36546c9ec927e4c7b9a9f58f051f6115a98

SHA256
a214a5bb22986b145cedf14c66d3cccf5df7d7e562e163bd7749169590a75fee

SHA512
9eecce71abc7c7fc017c1be01be58b10e6e7991e78642f82729cc493dc4b22b60e3e6844b180fd313a21994673b83f26dbd7468e6d8fec1a4a6ad0390a9b00a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe

Filesize
468KB

MD5
9c48e8b5c7596c4121bb92998af8e6cd

SHA1
6b6a86d1d69325290ff60b24765f83238c1d84c7

SHA256
6a0d8451988fc014e4a7ea02b64f6c7fef2978fc84e010c44f07ecf0c34d6a11

SHA512
dbe616ec92ea76d8c308dc46270c433830df9e9476528f18509eb76c8f298c305b4ba8a5145a7be055a5fcd1f80d557015519232db918c50b534075fa2c7d8bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe

Filesize
468KB

MD5
48cf9c8283fb9508015b7abfe9e788a9

SHA1
1bfee5208a7e4bf941f3eb8f2d4e480b003af8b1

SHA256
d11e62b541f435691f7ef47dfd63a8ad153a7b1c9072b9c4bc07546d48fa8286

SHA512
edc7cb9ec6fb8feda7c237fdbbf0ba5cf541e425b48b2e8056f677ec488f617c727a0a3afb35fd26ac2667a436c060414ded415eb233e2130ed36ed5234953dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe

Filesize
468KB

MD5
be1611d72b1421b066cd5b51f0a1f907

SHA1
1566170b54b482268936c6af3fd4ca28da0a9a5c

SHA256
a204363567d393c758b63b3dad6dcd6c96724ee0135c986144c3fe9267676cde

SHA512
38cd3897fb11e7e2554853db51ff2998699e95a30e404f5383bc53a06ddc1486e29d1b9f121ceebbd21e47a2dbc0551c12ca5b4cbaab0bd1e22f728e0a9029c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe

Filesize
468KB

MD5
788697d638637b890cecfae2511dcc69

SHA1
e2923345d192fe33d5f8ed08847df59f8fac358d

SHA256
de80c03490a802ea8663530aed2a60ad3160cb489bdaabe0ea039e327c872410

SHA512
ea664c8ba707c1cf94465f0a35279306d1ae190e5d1fc694d1ed02d2f9f0978dfc05aed55cf1dd786a79df11f1e068ccc1d2018201002b256760d52984fe3264

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe

Filesize
468KB

MD5
89836ea65e4d77d8a7453a248080c57e

SHA1
24f66d4002c094be7bacb2942354db524447a1d6

SHA256
402ce7dd77a5558d470f9cdbfd6c0e6e0bd042b2e4c6fdb61a0f59776be11edd

SHA512
0432bfb9e460fd706c747b9e5450d8c45d351c3d7b251b42b2263e1ba64304d2131ec27823d5b3986fb380f6fb406276d53690de2e9912abeaae8294f4e84df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe

Filesize
468KB

MD5
7df8bd937b71766b4ccb44bdd57943ea

SHA1
4b39d3d4bf311fc597627637360536e092421c68

SHA256
16fe3656e6898b6237bcca4a3134b804cf0db75711ed3a2e981a07ec36765151

SHA512
6b12f52fb8d5add4b4597b4845417cdd3a07514de9e96d420ab53bba7c893e643f33f2ff9675df886ad6c89b2c4036555fb52afe56528930328690e2ba6c8725

Download Submit
memory/64-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/592-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/632-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/760-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/804-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/812-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/880-59-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/912-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1120-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1160-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1180-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1256-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1468-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1532-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1552-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1620-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1628-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1784-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1820-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1928-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2304-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2336-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2424-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2456-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2488-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2640-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2676-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2768-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-73-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2924-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2984-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3008-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3200-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3212-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3420-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3592-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3596-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3636-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3736-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3756-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3760-157-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3764-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4068-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4152-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4156-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4324-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4572-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4576-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4692-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4696-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4724-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4728-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4816-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4880-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4908-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5000-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5024-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5096-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5100-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5144-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5228-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5256-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5276-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5284-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5316-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5344-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5404-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5412-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5420-480-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5428-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5436-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5572-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5596-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5836-520-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5852-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5868-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5916-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5968-588-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5976-584-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5984-595-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13800-2584-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13972-2543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14888-2592-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15240-2596-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads