9eff54d6b8cbd7cd5db7187064760fdbbeeebe420cc6cbff581f039cebca16b8

Analysis

max time kernel
120s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e2605596ca1fa8f5504544e0d3a78b0N.exe
Size

468KB
MD5

2e2605596ca1fa8f5504544e0d3a78b0
SHA1

cc79aaa99f2fc6d48c47d440345aa5126a938386
SHA256

9eff54d6b8cbd7cd5db7187064760fdbbeeebe420cc6cbff581f039cebca16b8
SHA512

9ed9c5f25d572718c621e4e12781a549b414009b5b2336447aa80b8074f898c8a5ea5e42a176bc4f2fb9c2aedb3acbf99478d8675337fec7049d3ddb6bf37c88
SSDEEP

3072:dF9aogBRj28U2bYnPz3yqf8/oCbryOplBmH8vTHYyp++gTBNBblI:dFUoiXU28PDyqf1e/0ypZSBNB

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
384	Unicorn-61214.exe
4080	Unicorn-13129.exe
3736	Unicorn-19906.exe
4072	Unicorn-20312.exe
3628	Unicorn-51038.exe
4752	Unicorn-11328.exe
2680	Unicorn-25063.exe
2252	Unicorn-62880.exe
376	Unicorn-16372.exe
536	Unicorn-54712.exe
1120	Unicorn-19902.exe
2316	Unicorn-1327.exe
4856	Unicorn-7192.exe
3356	Unicorn-53129.exe
4860	Unicorn-1188.exe
572	Unicorn-56440.exe
4760	Unicorn-7794.exe
116	Unicorn-37774.exe
2212	Unicorn-7139.exe
840	Unicorn-43996.exe
3188	Unicorn-30160.exe
2016	Unicorn-26705.exe
4372	Unicorn-43896.exe
4356	Unicorn-50026.exe
2056	Unicorn-35636.exe
676	Unicorn-21438.exe
3760	Unicorn-56803.exe
4604	Unicorn-10866.exe
4040	Unicorn-36404.exe
4832	Unicorn-40580.exe
3932	Unicorn-8355.exe
1108	Unicorn-29330.exe
2636	Unicorn-30722.exe
5004	Unicorn-34897.exe
2816	Unicorn-19024.exe
1568	Unicorn-23514.exe
2516	Unicorn-54240.exe
2356	Unicorn-62408.exe
4492	Unicorn-37639.exe
4452	Unicorn-56933.exe
1744	Unicorn-36320.exe
960	Unicorn-45880.exe
4204	Unicorn-16834.exe
4632	Unicorn-43742.exe
4948	Unicorn-43742.exe
3276	Unicorn-8931.exe
3604	Unicorn-34204.exe
2040	Unicorn-55801.exe
4060	Unicorn-15730.exe
3800	Unicorn-25743.exe
2300	Unicorn-22943.exe
1368	Unicorn-25743.exe
1040	Unicorn-31874.exe
5076	Unicorn-31609.exe
4272	Unicorn-42734.exe
2400	Unicorn-12008.exe
3956	Unicorn-56954.exe
1828	Unicorn-52870.exe
2564	Unicorn-26228.exe
3488	Unicorn-47395.exe
2792	Unicorn-1723.exe
4836	Unicorn-20097.exe
4536	Unicorn-55563.exe
4340	Unicorn-9626.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3180	4604	WerFault.exe	120
9480	8868	WerFault.exe	396

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e2605596ca1fa8f5504544e0d3a78b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3721.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15996	dwm.exe
Token: SeChangeNotifyPrivilege	15996	dwm.exe
Token: 33	15996	dwm.exe
Token: SeIncBasePriorityPrivilege	15996	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe
384	Unicorn-61214.exe
4080	Unicorn-13129.exe
3736	Unicorn-19906.exe
4072	Unicorn-20312.exe
4752	Unicorn-11328.exe
3628	Unicorn-51038.exe
2680	Unicorn-25063.exe
2252	Unicorn-62880.exe
376	Unicorn-16372.exe
3356	Unicorn-53129.exe
1120	Unicorn-19902.exe
2316	Unicorn-1327.exe
4856	Unicorn-7192.exe
536	Unicorn-54712.exe
4860	Unicorn-1188.exe
572	Unicorn-56440.exe
4760	Unicorn-7794.exe
116	Unicorn-37774.exe
840	Unicorn-43996.exe
2212	Unicorn-7139.exe
676	Unicorn-21438.exe
4372	Unicorn-43896.exe
4604	Unicorn-10866.exe
2056	Unicorn-35636.exe
4356	Unicorn-50026.exe
3760	Unicorn-56803.exe
3188	Unicorn-30160.exe
4040	Unicorn-36404.exe
4832	Unicorn-40580.exe
3932	Unicorn-8355.exe
1108	Unicorn-29330.exe
2636	Unicorn-30722.exe
5004	Unicorn-34897.exe
2816	Unicorn-19024.exe
1568	Unicorn-23514.exe
2516	Unicorn-54240.exe
2356	Unicorn-62408.exe
4492	Unicorn-37639.exe
4452	Unicorn-56933.exe
1744	Unicorn-36320.exe
960	Unicorn-45880.exe
4204	Unicorn-16834.exe
4208	Unicorn-60078.exe
4948	Unicorn-43742.exe
3276	Unicorn-8931.exe
3604	Unicorn-34204.exe
4632	Unicorn-43742.exe
4060	Unicorn-15730.exe
2040	Unicorn-55801.exe
2300	Unicorn-22943.exe
4272	Unicorn-42734.exe
1040	Unicorn-31874.exe
3800	Unicorn-25743.exe
5076	Unicorn-31609.exe
2400	Unicorn-12008.exe
1368	Unicorn-25743.exe
3956	Unicorn-56954.exe
2564	Unicorn-26228.exe
2792	Unicorn-1723.exe
1828	Unicorn-52870.exe
628	Unicorn-3761.exe
4836	Unicorn-20097.exe
4536	Unicorn-55563.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 384	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	90
PID 4436 wrote to memory of 384	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	90
PID 4436 wrote to memory of 384	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	90
PID 384 wrote to memory of 4080	384	Unicorn-61214.exe	92
PID 384 wrote to memory of 4080	384	Unicorn-61214.exe	92
PID 384 wrote to memory of 4080	384	Unicorn-61214.exe	92
PID 4436 wrote to memory of 3736	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	93
PID 4436 wrote to memory of 3736	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	93
PID 4436 wrote to memory of 3736	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	93
PID 3736 wrote to memory of 4072	3736	Unicorn-19906.exe	96
PID 3736 wrote to memory of 4072	3736	Unicorn-19906.exe	96
PID 3736 wrote to memory of 4072	3736	Unicorn-19906.exe	96
PID 4080 wrote to memory of 3628	4080	Unicorn-13129.exe	97
PID 4080 wrote to memory of 3628	4080	Unicorn-13129.exe	97
PID 4080 wrote to memory of 3628	4080	Unicorn-13129.exe	97
PID 384 wrote to memory of 4752	384	Unicorn-61214.exe	98
PID 384 wrote to memory of 4752	384	Unicorn-61214.exe	98
PID 384 wrote to memory of 4752	384	Unicorn-61214.exe	98
PID 4436 wrote to memory of 2680	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	99
PID 4436 wrote to memory of 2680	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	99
PID 4436 wrote to memory of 2680	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	99
PID 4072 wrote to memory of 2252	4072	Unicorn-20312.exe	100
PID 4072 wrote to memory of 2252	4072	Unicorn-20312.exe	100
PID 4072 wrote to memory of 2252	4072	Unicorn-20312.exe	100
PID 3736 wrote to memory of 376	3736	Unicorn-19906.exe	101
PID 3736 wrote to memory of 376	3736	Unicorn-19906.exe	101
PID 3736 wrote to memory of 376	3736	Unicorn-19906.exe	101
PID 3628 wrote to memory of 536	3628	Unicorn-51038.exe	102
PID 3628 wrote to memory of 536	3628	Unicorn-51038.exe	102
PID 3628 wrote to memory of 536	3628	Unicorn-51038.exe	102
PID 2680 wrote to memory of 1120	2680	Unicorn-25063.exe	103
PID 2680 wrote to memory of 1120	2680	Unicorn-25063.exe	103
PID 2680 wrote to memory of 1120	2680	Unicorn-25063.exe	103
PID 384 wrote to memory of 2316	384	Unicorn-61214.exe	104
PID 384 wrote to memory of 2316	384	Unicorn-61214.exe	104
PID 384 wrote to memory of 2316	384	Unicorn-61214.exe	104
PID 4436 wrote to memory of 4856	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	105
PID 4436 wrote to memory of 4856	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	105
PID 4436 wrote to memory of 4856	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	105
PID 4080 wrote to memory of 3356	4080	Unicorn-13129.exe	106
PID 4080 wrote to memory of 3356	4080	Unicorn-13129.exe	106
PID 4080 wrote to memory of 3356	4080	Unicorn-13129.exe	106
PID 4752 wrote to memory of 4860	4752	Unicorn-11328.exe	107
PID 4752 wrote to memory of 4860	4752	Unicorn-11328.exe	107
PID 4752 wrote to memory of 4860	4752	Unicorn-11328.exe	107
PID 2252 wrote to memory of 572	2252	Unicorn-62880.exe	108
PID 2252 wrote to memory of 572	2252	Unicorn-62880.exe	108
PID 2252 wrote to memory of 572	2252	Unicorn-62880.exe	108
PID 4072 wrote to memory of 4760	4072	Unicorn-20312.exe	109
PID 4072 wrote to memory of 4760	4072	Unicorn-20312.exe	109
PID 4072 wrote to memory of 4760	4072	Unicorn-20312.exe	109
PID 376 wrote to memory of 116	376	Unicorn-16372.exe	110
PID 376 wrote to memory of 116	376	Unicorn-16372.exe	110
PID 376 wrote to memory of 116	376	Unicorn-16372.exe	110
PID 3736 wrote to memory of 2212	3736	Unicorn-19906.exe	111
PID 3736 wrote to memory of 2212	3736	Unicorn-19906.exe	111
PID 3736 wrote to memory of 2212	3736	Unicorn-19906.exe	111
PID 3356 wrote to memory of 840	3356	Unicorn-53129.exe	112
PID 3356 wrote to memory of 840	3356	Unicorn-53129.exe	112
PID 3356 wrote to memory of 840	3356	Unicorn-53129.exe	112
PID 4856 wrote to memory of 676	4856	Unicorn-7192.exe	113
PID 4436 wrote to memory of 2016	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	115
PID 4436 wrote to memory of 2016	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	115
PID 4436 wrote to memory of 2016	4436	2e2605596ca1fa8f5504544e0d3a78b0N.exe	115

C:\Users\Admin\AppData\Local\Temp\2e2605596ca1fa8f5504544e0d3a78b0N.exe
"C:\Users\Admin\AppData\Local\Temp\2e2605596ca1fa8f5504544e0d3a78b0N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
        9⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        10⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        10⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        9⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        9⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        9⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        9⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        9⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        8⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        9⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        9⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        9⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52517.exe
        8⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        8⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        8⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        7⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        9⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23596.exe
        9⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        8⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        8⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        7⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        7⤵
        
        PID:16412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        7⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        7⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
        6⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        7⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        7⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        6⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        9⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        9⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
        9⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        8⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        8⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        8⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        7⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
        7⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        6⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        7⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        6⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
        6⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        6⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        7⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45335.exe
        6⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        6⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        6⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56468.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54240.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        7⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        9⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15070.exe
        9⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        9⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        8⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        8⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        7⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        8⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        8⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
        8⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        6⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        7⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-716.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        6⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        8⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        8⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        8⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        7⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7068.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        7⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        6⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        5⤵
        
        PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        6⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        8⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        8⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        7⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        7⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        7⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        7⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        7⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        6⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48826.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        6⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        6⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        6⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        5⤵
        
        PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
        5⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        5⤵
        
        PID:15420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26022.exe
      4⤵
      PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
      4⤵
      PID:16676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        8⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        9⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        9⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        8⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        8⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45335.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        7⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        7⤵
        
        PID:16608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        8⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
        8⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        7⤵
        
        PID:16232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        6⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44266.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
        8⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        8⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        7⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        7⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        6⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        6⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        5⤵
        
        PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        7⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
        6⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        6⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        5⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
        5⤵
        
        PID:16012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31609.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        7⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
      4⤵
      PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
      4⤵
      PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1327.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25464.exe
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
        7⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
        7⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        6⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        6⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        7⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
        5⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        5⤵
        
        PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9455.exe
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
        6⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29740.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
      4⤵
      PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        5⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        5⤵
        
        PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25491.exe
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51821.exe
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
      4⤵
      PID:7520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 644
      4⤵
      Program crash
      PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22943.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60628.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        6⤵
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        5⤵
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
      4⤵
      PID:12916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
      4⤵
      PID:16648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
    3⤵
    PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
      4⤵
      PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
      4⤵
      PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
      4⤵
      PID:5872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
    3⤵
    PID:8028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
    3⤵
    PID:11124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
      4⤵
      PID:16096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36722.exe
    3⤵
    PID:14568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
    3⤵
    PID:16460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        10⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        10⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        10⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        9⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
        9⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        9⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        9⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        9⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        8⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        8⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
        8⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        9⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        8⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        8⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        7⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        6⤵
        Executes dropped EXE
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        8⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        7⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
        7⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16563.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        7⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        8⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        8⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        7⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        7⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        6⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
        6⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        8⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        8⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
        7⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47281.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        6⤵
        
        PID:17360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        5⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        5⤵
        
        PID:15200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        8⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        8⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        7⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        7⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        7⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        6⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        8⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        7⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58719.exe
        7⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        6⤵
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
        7⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54820.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        5⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        5⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        8⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        8⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        7⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
        6⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        7⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        6⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        5⤵
        
        PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        6⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        5⤵
        
        PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1703.exe
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        5⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        5⤵
        
        PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
      4⤵
      PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe
        5⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        5⤵
        
        PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27859.exe
      4⤵
      PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
      4⤵
      PID:17328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
        6⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        8⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
        8⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        7⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        6⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        5⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        7⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50004.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25403.exe
        5⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        5⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
        7⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        6⤵
        
        PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
        5⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
        6⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
      4⤵
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        5⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        5⤵
        
        PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
      4⤵
      PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
      4⤵
      PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
      4⤵
      PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
      4⤵
      PID:14656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        7⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        7⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9751.exe
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        6⤵
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
        5⤵
        
        PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        6⤵
        
        PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        5⤵
        
        PID:16548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50004.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exe
      4⤵
      PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
      4⤵
      PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
      4⤵
      PID:16616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
      4⤵
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36253.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        5⤵
        
        PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
      4⤵
      PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        5⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32004.exe
        5⤵
        
        PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
      4⤵
      PID:11320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
      4⤵
      PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
    3⤵
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
      4⤵
      PID:11936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
      4⤵
      PID:1392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
    3⤵
    PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
      4⤵
      PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
      4⤵
      PID:16484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
    3⤵
    PID:10088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
    3⤵
    PID:14296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
    3⤵
    PID:15528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19024.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        8⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49160.exe
        8⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        7⤵
        
        PID:15828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        6⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        6⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14463.exe
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        7⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        7⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37332.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17510.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        5⤵
        
        PID:17392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        5⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        5⤵
        
        PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
      4⤵
      PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
      4⤵
      PID:11552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
      4⤵
      PID:14652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63887.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        5⤵
        
        PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
      4⤵
      PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
      4⤵
      PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
      4⤵
      PID:17312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
        5⤵
        
        PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
      4⤵
      PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50788.exe
      4⤵
      PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
      4⤵
      PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
      4⤵
      PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
      4⤵
      PID:16684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
    3⤵
    PID:9064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
    3⤵
    PID:12576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        7⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        6⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 212
        7⤵
        Program crash
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63232.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        6⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
        6⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        5⤵
        
        PID:15836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        5⤵
        
        PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
      4⤵
      PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
      4⤵
      PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
      4⤵
      PID:16500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        5⤵
        
        PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
      4⤵
      PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
      4⤵
      PID:15952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
    3⤵
    PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
      4⤵
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
      4⤵
      PID:15712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
    3⤵
    PID:10096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7882.exe
    3⤵
    PID:14316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
    3⤵
    PID:16588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        6⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-768.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
      4⤵
      PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
        5⤵
        
        PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51941.exe
      4⤵
      PID:13952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
      4⤵
      PID:15848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
    3⤵
    PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22092.exe
      4⤵
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        5⤵
        
        PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
      4⤵
      PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
      4⤵
      PID:16216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4825.exe
    3⤵
    PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
      4⤵
      PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
    3⤵
    PID:8220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60380.exe
    3⤵
    PID:14800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
    3⤵
    PID:15960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
    3⤵
    PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        6⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        5⤵
        
        PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
      4⤵
      PID:12520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
      4⤵
      PID:5376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35090.exe
    3⤵
    PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45361.exe
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
      4⤵
      PID:16512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
    3⤵
    PID:10116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
    3⤵
    PID:13844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
    3⤵
    PID:15744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
  2⤵
  PID:5392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
    3⤵
    PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
      4⤵
      PID:14616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40799.exe
      4⤵
      PID:16040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
    3⤵
    PID:11328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
    3⤵
    PID:14660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
    3⤵
    PID:14864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
  2⤵
  PID:8388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
  2⤵
  PID:11724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
  2⤵
  PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4604 -ip 4604
1⤵
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 8868 -ip 8868
1⤵
PID:8904

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe

Filesize
468KB

MD5
5b4ef5a54c43c4073a848ab2fbf45581

SHA1
c244a2d652add4be7fcb17edc21fe5dfcc6097cc

SHA256
f2b6c4a40c6b9064e54d98811adb2d95f88aff2927ef4d7427cf34f13f975c8e

SHA512
a9e665bf2a8a72fab1403b805a04da742f75cb98247cf42b7c2639ad64497ad5c0b20c9c36b2aa1f3735d0c4e3b123137952f12d097c09774f8771a22e9ea662

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe

Filesize
468KB

MD5
2056a81abcff1b26838f49c742312b72

SHA1
db9e087590b487913cdc4d06f6376506dfc6f359

SHA256
465df4116a194d36a11d0d7956189ad30c4e2b19b2edbbace290b7159add7a91

SHA512
7c287aa828d286f938525216070d4cf14c2385ea9d37787e62f134f8ac0b3e3dde90745a9e1736093a81397265f722cc58e940cf13870b30640f09b3d3a7d400

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe

Filesize
468KB

MD5
a436cf7cdfd2f72c789e49fa382c9e18

SHA1
28441253f88833511976c13a9979563eaf8a3f7a

SHA256
52f101ad7926546bcdde041f2b82334f5d77050a2fe7c06983cf00f2c568b6a7

SHA512
3a25acc6c2af0e1d53d5cbcd59252e6e6597abe04df33f9758352144bc748c869508eedfa580df5bd535ec39d42bc3d37985e8f2dd27395b0ab36109ec3a619b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe

Filesize
468KB

MD5
4205eb514a1dc417b1e7dcc20969fab1

SHA1
b7c8699c0a3f4e4881c134825057f0ac5d1a91c6

SHA256
1c4005ee59be917521efa0ef0668cd963c3c899a0bbb099df3bd77e42bc2cb22

SHA512
ff084131d785528a4a97c0d4c4a5606d7cc4c5cb34945920a084f681c447a677aa9cb8371ef5292205645c9efbdc7c22910f75e715e22af268b9568769d621e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1327.exe

Filesize
468KB

MD5
1016ca5813de33ee02dcd9091c0b32bb

SHA1
f17e455eea16fe88bad2b96e82f4b811237fe13c

SHA256
7249bca91e6282dda622b611b2cd77274c646700d4bbd290c621b3f29fca8107

SHA512
64c52b6cd465e57498cff255d7297213dd81716037dd32aa4e6ac18a52e58a5f97bd55af034802cbfcb94529255ec3299d835c449f7e56a04b25476ca5dc8215

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe

Filesize
468KB

MD5
2c70cfe83697b8858aa716f14a3e4147

SHA1
9de3bc019d1328f69e19fcca3ac52fa41329eb00

SHA256
e1f9d8fda0d6d9aeb6ce20d9d0e38cc4a56ff293d6b94e49141a8901dbd54542

SHA512
75146f9dc06ddc1a18158887ceff2e2f9237b71207edafb650aec708d609d17c93f4de1e82191d9331afd00f57d06074aec69f7459487ea0bc3faa0c50fecc5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe

Filesize
468KB

MD5
cc49729ebe900a63aff24b570a5de99a

SHA1
9bf1be242f4da48b94966e663fae933301d90672

SHA256
0a76e757c73dc25a9325682fae0e0e254dadd4f310e8b311d6bc48ff677ea953

SHA512
311f087625dbe45b3dcf2ed10e5fcff05227b3d2e9e66f7a5df4b47c484a25bf2573ca63ba523c4e135d06f49d60cbc30b8a94f51d0b3d1aa1d86f08ff083147

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe

Filesize
468KB

MD5
9a8ad3048326a3ec4cb98e3d100a9f45

SHA1
70bdd6e8a274c4253d7ac22b42d508b5227485d6

SHA256
871de48b647cc73faa396f51c6a96cb9e71d9aaa56e9089004fa2725f2747db8

SHA512
829b5feef7e65940d922437c22be6cc9327825ddbabfb9ce8d9732cc33622bf8c6cd6addd3bae2cf36c8553c97f064a78aded7f8e1d602eb767b0958b6320d3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20312.exe

Filesize
468KB

MD5
c37406864d70703ddc266164441337b0

SHA1
6f59c08fd75f970ddf204504069a896e0e316d12

SHA256
7e5ed2cfb5be5371f6185de8d91817460583f418478d94fd70841d75579873be

SHA512
be9d03b32bf39088e85edd7e5d2d3132e1f919d0f33e148400b2ae93dd7bfa8b81f917deeb5cb7d79a75146fb12cb8d8446eb71ccad3a7f95c08722ece9fa1d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe

Filesize
468KB

MD5
3bb960bcef86b4a4735ee1157ec5a033

SHA1
2ce0a75aacf21b55f9ab8ce5062e1b4f5b5d6d22

SHA256
cff2fe151ad1148700f3947884c4a901d664c24520712c4309cf431302ee3021

SHA512
0bfe511267df3cc15d6c9c3dea519f8abe77582c372bc3311f1c0160973a1b87cbabdef3319c452bfaa1b008065dcb954dcaba65a168d2d8ce7655a3ef8440da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe

Filesize
468KB

MD5
23ab7902774e7f02f18fa3ca76e1973d

SHA1
6b4207b3272b71f43b0c73a5e178e853e8092904

SHA256
a989ffa57199e5a9b23a100bd1b2b13e4e49d33b9b8be491b0ef5a9d99ee14b8

SHA512
19d013b192f2e42517c87eb1e9051838b18c9bad300b08cd9736398eecf5993e28a345c56cc45ddc9b105828aefe62a9307317cce7b6b3070904d0d20f9c7cde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe

Filesize
468KB

MD5
bc50c7a285aeb49e55ca663847b88373

SHA1
2b38369c48484a5b9fa43a2bc001f76f1761a22b

SHA256
c7868a6e935d91730b2ad4821e6731b2dc9afd812f6b7405e42d511bee1af553

SHA512
7c4a90d7efda75a1b9f09b130388b1300800557e99cf53c128c8c4fa4d545792c8b8ab4e22607581e8299e14c2a472e9a0753d33b2d1ea7549904fcfd5826942

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe

Filesize
468KB

MD5
dfe0230c51f5a2d2cb2a904c0f1eed3a

SHA1
182abed323f2a99e1c63ae0677f341322dd5b78d

SHA256
f854febc40274c22dde2fcf23c4d09b215d0f584a477ffa302693fe5d6d57de8

SHA512
8e3bf168f60cef66af6aae6e8d785396131627b494828a7d05048be3d57c1607156669494971e3e2689ec5b923f9ebc8ca40fcced9fd91833b68485b2100497c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe

Filesize
468KB

MD5
dd298fbdcad2ba0c131b0a52a1a1e0bc

SHA1
c98bd76d2aeabbcb9dd43c0d06b3222fba306a5c

SHA256
57f9360e7c14f4a7fe6ecce5748ecf851e0dbb48efb8982d0981d49636d29fbb

SHA512
548a071f21d243bc5462cf67881dff8d1ac294f387f1aa02c55609db553d8d0b21874239a31764a7985f5ae6039248d1fd8e3c6b60bf4c1a9dc73d84d19d305f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe

Filesize
468KB

MD5
0ac6d4ce54681cb005bf0b3b58156c54

SHA1
d842390f36a5b5a4b917bd865184755833eee576

SHA256
b96715ef8fc0f2b7e9d8e9ba703f8cd00b78e6704de8d3c3ee2f9d2c8c423572

SHA512
4f6d7a024a7eb18dbc1d76f47eb148a6b8ba68094f91ce3e5ffe0373aa4cf78c1feb7c2f0819139af2919d7a44a85680250897e0c1af8c55096d65294aef0c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36404.exe

Filesize
468KB

MD5
14454882c912605db7b0f0a4c8424de7

SHA1
f8e0a53444c6ad0b45f403ddab9c6c6d69f28c56

SHA256
a74c633854fb689442d3c2fdb0d0313f6ea528ed34ede8ea2cb6ddfcfca319fe

SHA512
1cda8feb3e5036dfae601e9765bdf00b908dbf709be35d8f21c02113dad8102ee42070ea4f35834a32089e219be4ad2450fe1f43a051332dad64d5421fc623bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe

Filesize
468KB

MD5
4ce4223b9f27e61b827ba5a4ca957d5f

SHA1
41f15f2e57e97bebc42221da8a1ecc1a005a747c

SHA256
e2e479032e41d95e043dd3a01b813f0f00a7756c129396354eff2daf2b24cfe7

SHA512
1ac9a7e7c92103db94183149c924ea84dd40ebdabe7a43a8d49647c24b56cb43d23e45f3feda3d486bd1ff54894cdb8741cde619340a916d54c86162ba2e9a66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe

Filesize
468KB

MD5
9f8c7f03d354f161f9a987e1b0564494

SHA1
73695f0c37d4fdfbff8d8bbc6e0643c19f411f93

SHA256
1ff250df88c014f7a6894041978338b8880235c8aa6b13c9904f03b09036dfb1

SHA512
3d1398600763d1e1e253582bf87d3475262b4acff5f6fa1e1eeb79889fdab19834df77f4cfc8cefddfbe6550ef33fbedef13a782c1d4447a46f5c3927b82f1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe

Filesize
468KB

MD5
8079d5abf255c800b37fd732dc58682c

SHA1
24bd18ab68aea5e704bfcb8e5d24c203942cb548

SHA256
4a6d6c60071e6250defe3641cbb435ab47d0d6ae1bc16f76804a976c24f5b82a

SHA512
4b1637d5466536f05a61aeb7eabd08f3750b3bc6dc3202a39961744952be9f59ee6528074aee16b459497ac17d9cc0ace3f0d634c2bdcfabb890a4639cdeb384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe

Filesize
468KB

MD5
b736aea0442edab3dcf68adc26379776

SHA1
60d81170040f7be9d80214c7535e9c401ba9a345

SHA256
383b4abcdb86c7b0f7845289efb970ad3f01a111360cec3577d2f301c857518e

SHA512
e885c4333d2dc3ed1209e314d2b726de8c3dce2b260f4dacd4cd6cd7e80f6eaeee626a8c3f9e3a12306876a2ab7c77ff2ee0c01a9955b7bf4143d292c9630547

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe

Filesize
468KB

MD5
09558bb254e1e3983a2fd2307b5ef81a

SHA1
5c173147489732e12104cc01264d4d7e930a373e

SHA256
baf912e3c8570b5681869bac66f30884b4a56405e415301c8c3926f3832514c1

SHA512
e13c1218e2ebb17404007d64d2a7cc36a8ffdadda0245f534eea217bbb75653e361a4e2beebb6c660cc9389aff53d994e033f8cc970ff6b43dfe049f9f99ef01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe

Filesize
468KB

MD5
370d4f7df298ea868a448128bbf1b6c6

SHA1
0f9d252abb429a57d927330398658d14c39c2c66

SHA256
072144a780e1ff06a99e903e2447ee3cfa1c7b042d621c21db5695b820d5cc8a

SHA512
981e3dac85a4031a2e4db6df1f2a35eaac86be01e5cca9be38ac69bf82ddcdf33375715aaeeb4d9adb1fe61cd1dc8f6c3eb4732b5eca21eaf717b841962900e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe

Filesize
468KB

MD5
490cb63c5c716c9e761c6519b28d34bf

SHA1
f684fe24da41ba7e5822cc80c277c10e13e0fa57

SHA256
cc723ad02a66e958f7336f8cdb00b8bdb1565144d519ea7dabb9e6621f173a32

SHA512
7eee63e871bb5ef2ea3f0fbf43bf97abe6e0a24b128b3fbe817e6ed919577e32717ce9c02e348bb8451394d0f4cca80e7c500bc1396930de64b7e9f3348b21ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54712.exe

Filesize
468KB

MD5
f5d6ab51b7d0ec8f185b9a9b6c0fd7df

SHA1
65db6f59ea971c298b6e95bc3bbd9aacb1d01bc9

SHA256
5c70c41b8bc59380cf3d212a2b5a0e71a81c98f788ec2a4ea4e9bebd960ed6c9

SHA512
6228f4cfa120c4e9bc73fa3d4ffc517d2bb5496ce6ebc3b6772caa56d7d86c35f7c86c72eaaa90b6ac50382bbe3cdf7fe19cc38228a1c0e0e7b47da75b31b374

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe

Filesize
468KB

MD5
cc6c89fa93964d8d9a5519c4360cd885

SHA1
fa53b3f65bfd44d092e42d0bc6019f1c9baad5d7

SHA256
6dac082d839f76c83232173c684834c570650b9a0fc7a72fb48a08b2f5f586a6

SHA512
8c0067fc91f3652dace248198c4a3c81af2a9505169541313ddb32210843c244a715e5f9115883e54407090c0be3366fcdd75b299fbc4928ef0bff8c31f4b38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe

Filesize
468KB

MD5
e18c5884dd24c76ea1aba53a9c0de33d

SHA1
192cd4ee825e8b4dd93ebac5cee1d3b3d0f7f3cf

SHA256
e9dd33dd583f5f2c12531278a8d726763251b26adfd4cfca766c2cd29b70d190

SHA512
fd1183eeabe0f579c33a412c9b01364b7733b8e420e618539ac49209174b53b0180dddc63d6015f6d53be04b0b797167fb2cdaeead77514236c2c6449ab44a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe

Filesize
468KB

MD5
485ee8ed322e1c3c29c0c028462d8e8f

SHA1
26d6b202a4f7a086b313e091c24eb3f61fca1e50

SHA256
c35106dc96f9515b85bf004cb264f8886f571e377504d38b4336388a32970fe1

SHA512
20d97b331acc25b52f97c821800c84528a601eb159cec1952ce058c01efcacf61589fa468f53ba9b4579644d6d229e5e64b8308a70241611973e5e99d277a1e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe

Filesize
468KB

MD5
7dc068635fb2898a8fe4b013de3474c0

SHA1
b4edc35e59a83ec7676f90de998f13d91b6c2d5f

SHA256
150e21d81402a4f69b74fc095edcf10cf66739bb070e2163c61a6523c26a2a5b

SHA512
0502e8325c30d986e2c63e394f92d81f85c171a29abfb4769467d048c54e24689eb46386a6c242a6953289be9ce2ac6465dd51ebe2492838b5e14bcad251db0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe

Filesize
468KB

MD5
ceecb2d7dbfd572f67acf19da50ba63e

SHA1
36f63b06bd78a55f0540168f130f85805da4c4d4

SHA256
3950cac81a4bd37a8442ff17f31390dce374cb1f017475d9090a39a55fa3249a

SHA512
9571ccdfffdc33c82bfb8952156bad100e569451eda5664b22ff704ea82a17d18585c4c875e1b2cacf4b9eddf8b63122582493a9af87e3c37eb2226f9ab3a901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe

Filesize
468KB

MD5
281caee29c1f45e3bb919b948155e54b

SHA1
052a8bc00011012a4fc8cc1a1c758c6d3ee4906f

SHA256
90c3f6990efcd83dd3a142b79424133e42e0755ffe0dcbaae699acb759204582

SHA512
cf302aa2e3f6fd63a16afc98b016287690bc0b5944beeaa2e57bcd8ba01ad4784a4cbda1bf740096c79a843cb06fdf9a19c47b87bf55538e0c695213105ad217

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe

Filesize
468KB

MD5
4adfd0a450226283465d8547e71752a8

SHA1
5f6f8a02b419c7b8547b9713a05dc20b35ff6beb

SHA256
800dcb01f333329be1f44cc7b0dd8b2e891052c471fd6f2419ca31e425c365e3

SHA512
d78540b168d00f13fc0fe80c42606680a2f46882ec22c407ecd1c880efa5c39e9402528e9a4e0894a7d93b63c3176faac6113f696d4dc3ead11412612ae878d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe

Filesize
468KB

MD5
cc3214767cbe9bf536393090721c0f07

SHA1
6a4a94e7671d2e7d652a9aadd1c19a30ea508ba7

SHA256
11d4e7cd4c6f11e56afa01178c7a3f11af277ee7ad3c8af8ffddd2885d47aa83

SHA512
053932d027358a5e6168848250f8006dd11b123ba8a2eee99c081840b13e574938e8dd92ee7a6a2518a92dd49ec4bc49f6693567a6d3a006112e7ceb462e37ca

Download Submit
memory/116-128-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/376-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/384-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/572-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/624-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/676-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/840-139-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/960-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1040-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1108-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1108-2477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1120-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1184-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1368-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1568-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1744-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1796-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1828-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2056-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2212-138-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2356-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2516-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2792-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2816-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3040-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3188-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3192-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3276-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3356-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3488-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3604-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3628-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3736-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3760-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3800-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3932-2476-0x00000000757B0000-0x0000000075883000-memory.dmp

Filesize
844KB

Download
memory/3932-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3956-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4040-2474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4040-206-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4060-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4072-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4204-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4208-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4272-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4340-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4356-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4372-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4536-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4604-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4604-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4632-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4752-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4752-2473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4760-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4784-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4832-2475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4832-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4836-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4856-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4896-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5080-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5196-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5332-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5348-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-471-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5492-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5504-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5556-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5624-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5664-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5700-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5884-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5892-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5920-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6000-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6012-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6056-541-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6092-558-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6108-559-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads