fe08d8b6fa7514f99a19373c676d3924dab7aeefa2ed869072f987634e130c4f

Analysis

max time kernel
120s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d633899cca4735d704cc4762ebf9260N.exe
Size

468KB
MD5

4d633899cca4735d704cc4762ebf9260
SHA1

a53eddfcfbc62fdf47943bed0ed4f848b0ae9251
SHA256

fe08d8b6fa7514f99a19373c676d3924dab7aeefa2ed869072f987634e130c4f
SHA512

c6ff5807ad9ece46398da648e00c7e5d45d45887f1759f7baf7b9f65c853f514c69fb96f030f90eba7a46bd4e149f29de7cd778044471ff40706e041b4e17df9
SSDEEP

3072:hhT7ogI5ID5UtbYJHzcicf8/OChXPIpHnLHewVPKehxLxU0uMLle:hhHoctUtOH4icfM0qJehtW0uM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
644	Unicorn-54325.exe
4252	Unicorn-18477.exe
2380	Unicorn-34298.exe
448	Unicorn-54133.exe
1436	Unicorn-58772.exe
4692	Unicorn-57148.exe
5068	Unicorn-64147.exe
5044	Unicorn-29253.exe
828	Unicorn-4234.exe
2068	Unicorn-37229.exe
1848	Unicorn-19475.exe
2320	Unicorn-14644.exe
4000	Unicorn-14644.exe
5020	Unicorn-38884.exe
4620	Unicorn-33018.exe
3732	Unicorn-22725.exe
4216	Unicorn-55075.exe
2396	Unicorn-25932.exe
696	Unicorn-43403.exe
4672	Unicorn-20260.exe
4480	Unicorn-52932.exe
3960	Unicorn-2771.exe
4372	Unicorn-4395.exe
3928	Unicorn-4395.exe
4292	Unicorn-32164.exe
1476	Unicorn-45650.exe
3056	Unicorn-51780.exe
4992	Unicorn-12371.exe
4284	Unicorn-23306.exe
2672	Unicorn-23597.exe
2896	Unicorn-10275.exe
748	Unicorn-60908.exe
4100	Unicorn-35723.exe
3652	Unicorn-25325.exe
3840	Unicorn-47068.exe
4836	Unicorn-25901.exe
2668	Unicorn-12314.exe
2336	Unicorn-4691.exe
2324	Unicorn-4691.exe
1828	Unicorn-26285.exe
4796	Unicorn-58443.exe
3332	Unicorn-10955.exe
2892	Unicorn-8516.exe
4496	Unicorn-37851.exe
3036	Unicorn-57717.exe
4364	Unicorn-3363.exe
2044	Unicorn-3363.exe
1464	Unicorn-7562.exe
2236	Unicorn-16493.exe
4476	Unicorn-43242.exe
3432	Unicorn-3171.exe
1608	Unicorn-45282.exe
852	Unicorn-45282.exe
5128	Unicorn-51147.exe
5168	Unicorn-61204.exe
5208	Unicorn-61204.exe
5332	Unicorn-5859.exe
5356	Unicorn-36093.exe
5388	Unicorn-55444.exe
5400	Unicorn-35578.exe
5416	Unicorn-60332.exe
5452	Unicorn-6243.exe
5472	Unicorn-59637.exe
5504	Unicorn-59445.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
8532	4100	WerFault.exe	134
8644	5356	WerFault.exe	159
12384	5432	WerFault.exe	209

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40970.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16184	dwm.exe
Token: SeChangeNotifyPrivilege	16184	dwm.exe
Token: 33	16184	dwm.exe
Token: SeIncBasePriorityPrivilege	16184	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4876	4d633899cca4735d704cc4762ebf9260N.exe
644	Unicorn-54325.exe
4252	Unicorn-18477.exe
2380	Unicorn-34298.exe
448	Unicorn-54133.exe
4692	Unicorn-57148.exe
5068	Unicorn-64147.exe
1436	Unicorn-58772.exe
5044	Unicorn-29253.exe
828	Unicorn-4234.exe
2068	Unicorn-37229.exe
4620	Unicorn-33018.exe
2320	Unicorn-14644.exe
1848	Unicorn-19475.exe
5020	Unicorn-38884.exe
4000	Unicorn-14644.exe
3732	Unicorn-22725.exe
4216	Unicorn-55075.exe
2396	Unicorn-25932.exe
696	Unicorn-43403.exe
4672	Unicorn-20260.exe
3928	Unicorn-4395.exe
4480	Unicorn-52932.exe
4372	Unicorn-4395.exe
4992	Unicorn-12371.exe
3960	Unicorn-2771.exe
4292	Unicorn-32164.exe
1476	Unicorn-45650.exe
4284	Unicorn-23306.exe
3056	Unicorn-51780.exe
2896	Unicorn-10275.exe
2672	Unicorn-23597.exe
748	Unicorn-60908.exe
4100	Unicorn-35723.exe
3652	Unicorn-25325.exe
4836	Unicorn-25901.exe
3840	Unicorn-47068.exe
2668	Unicorn-12314.exe
2324	Unicorn-4691.exe
2336	Unicorn-4691.exe
1828	Unicorn-26285.exe
4796	Unicorn-58443.exe
3332	Unicorn-10955.exe
2892	Unicorn-8516.exe
4496	Unicorn-37851.exe
3036	Unicorn-57717.exe
4364	Unicorn-3363.exe
2044	Unicorn-3363.exe
3432	Unicorn-3171.exe
1464	Unicorn-7562.exe
2236	Unicorn-16493.exe
4476	Unicorn-43242.exe
5128	Unicorn-51147.exe
852	Unicorn-45282.exe
1608	Unicorn-45282.exe
5168	Unicorn-61204.exe
5208	Unicorn-61204.exe
5356	Unicorn-36093.exe
5332	Unicorn-5859.exe
5416	Unicorn-60332.exe
5388	Unicorn-55444.exe
5472	Unicorn-59637.exe
5452	Unicorn-6243.exe
5400	Unicorn-35578.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 644	4876	4d633899cca4735d704cc4762ebf9260N.exe	96
PID 4876 wrote to memory of 644	4876	4d633899cca4735d704cc4762ebf9260N.exe	96
PID 4876 wrote to memory of 644	4876	4d633899cca4735d704cc4762ebf9260N.exe	96
PID 644 wrote to memory of 4252	644	Unicorn-54325.exe	100
PID 644 wrote to memory of 4252	644	Unicorn-54325.exe	100
PID 644 wrote to memory of 4252	644	Unicorn-54325.exe	100
PID 4876 wrote to memory of 2380	4876	4d633899cca4735d704cc4762ebf9260N.exe	101
PID 4876 wrote to memory of 2380	4876	4d633899cca4735d704cc4762ebf9260N.exe	101
PID 4876 wrote to memory of 2380	4876	4d633899cca4735d704cc4762ebf9260N.exe	101
PID 4252 wrote to memory of 448	4252	Unicorn-18477.exe	103
PID 4252 wrote to memory of 448	4252	Unicorn-18477.exe	103
PID 4252 wrote to memory of 448	4252	Unicorn-18477.exe	103
PID 644 wrote to memory of 1436	644	Unicorn-54325.exe	104
PID 644 wrote to memory of 1436	644	Unicorn-54325.exe	104
PID 644 wrote to memory of 1436	644	Unicorn-54325.exe	104
PID 2380 wrote to memory of 4692	2380	Unicorn-34298.exe	105
PID 2380 wrote to memory of 4692	2380	Unicorn-34298.exe	105
PID 2380 wrote to memory of 4692	2380	Unicorn-34298.exe	105
PID 4876 wrote to memory of 5068	4876	4d633899cca4735d704cc4762ebf9260N.exe	106
PID 4876 wrote to memory of 5068	4876	4d633899cca4735d704cc4762ebf9260N.exe	106
PID 4876 wrote to memory of 5068	4876	4d633899cca4735d704cc4762ebf9260N.exe	106
PID 448 wrote to memory of 5044	448	Unicorn-54133.exe	109
PID 448 wrote to memory of 5044	448	Unicorn-54133.exe	109
PID 448 wrote to memory of 5044	448	Unicorn-54133.exe	109
PID 4252 wrote to memory of 828	4252	Unicorn-18477.exe	110
PID 4252 wrote to memory of 828	4252	Unicorn-18477.exe	110
PID 4252 wrote to memory of 828	4252	Unicorn-18477.exe	110
PID 4692 wrote to memory of 2068	4692	Unicorn-57148.exe	111
PID 4692 wrote to memory of 2068	4692	Unicorn-57148.exe	111
PID 4692 wrote to memory of 2068	4692	Unicorn-57148.exe	111
PID 2380 wrote to memory of 1848	2380	Unicorn-34298.exe	112
PID 2380 wrote to memory of 1848	2380	Unicorn-34298.exe	112
PID 2380 wrote to memory of 1848	2380	Unicorn-34298.exe	112
PID 1436 wrote to memory of 4000	1436	Unicorn-58772.exe	114
PID 1436 wrote to memory of 4000	1436	Unicorn-58772.exe	114
PID 1436 wrote to memory of 4000	1436	Unicorn-58772.exe	114
PID 5068 wrote to memory of 2320	5068	Unicorn-64147.exe	113
PID 5068 wrote to memory of 2320	5068	Unicorn-64147.exe	113
PID 5068 wrote to memory of 2320	5068	Unicorn-64147.exe	113
PID 644 wrote to memory of 4620	644	Unicorn-54325.exe	115
PID 644 wrote to memory of 4620	644	Unicorn-54325.exe	115
PID 644 wrote to memory of 4620	644	Unicorn-54325.exe	115
PID 4876 wrote to memory of 5020	4876	4d633899cca4735d704cc4762ebf9260N.exe	116
PID 4876 wrote to memory of 5020	4876	4d633899cca4735d704cc4762ebf9260N.exe	116
PID 4876 wrote to memory of 5020	4876	4d633899cca4735d704cc4762ebf9260N.exe	116
PID 5044 wrote to memory of 3732	5044	Unicorn-29253.exe	117
PID 5044 wrote to memory of 3732	5044	Unicorn-29253.exe	117
PID 5044 wrote to memory of 3732	5044	Unicorn-29253.exe	117
PID 448 wrote to memory of 4216	448	Unicorn-54133.exe	118
PID 448 wrote to memory of 4216	448	Unicorn-54133.exe	118
PID 448 wrote to memory of 4216	448	Unicorn-54133.exe	118
PID 828 wrote to memory of 2396	828	Unicorn-4234.exe	119
PID 828 wrote to memory of 2396	828	Unicorn-4234.exe	119
PID 828 wrote to memory of 2396	828	Unicorn-4234.exe	119
PID 4252 wrote to memory of 696	4252	Unicorn-18477.exe	120
PID 4252 wrote to memory of 696	4252	Unicorn-18477.exe	120
PID 4252 wrote to memory of 696	4252	Unicorn-18477.exe	120
PID 2068 wrote to memory of 4672	2068	Unicorn-37229.exe	121
PID 2068 wrote to memory of 4672	2068	Unicorn-37229.exe	121
PID 2068 wrote to memory of 4672	2068	Unicorn-37229.exe	121
PID 4000 wrote to memory of 4480	4000	Unicorn-14644.exe	122
PID 4000 wrote to memory of 4480	4000	Unicorn-14644.exe	122
PID 4000 wrote to memory of 4480	4000	Unicorn-14644.exe	122
PID 4692 wrote to memory of 3928	4692	Unicorn-57148.exe	123

C:\Users\Admin\AppData\Local\Temp\4d633899cca4735d704cc4762ebf9260N.exe
"C:\Users\Admin\AppData\Local\Temp\4d633899cca4735d704cc4762ebf9260N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        10⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
        11⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        11⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        10⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        10⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
        9⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        9⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        9⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
        9⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        9⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33489.exe
        8⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        8⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        8⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        8⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        9⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        9⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        9⤵
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63636.exe
        8⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        8⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27965.exe
        8⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        8⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        7⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        7⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        9⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32811.exe
        9⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        9⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        8⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        8⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        7⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        8⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        8⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        8⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        7⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        7⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        7⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
        6⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        6⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        9⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        9⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        9⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        8⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        8⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
        9⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
        8⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
        8⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        8⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52867.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        9⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        8⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        8⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        8⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        7⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        7⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        7⤵
        
        PID:16644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55468.exe
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        8⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 720
        8⤵
        Program crash
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 736
        7⤵
        Program crash
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        8⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        7⤵
        
        PID:16404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 716
        6⤵
        Program crash
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59945.exe
        8⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        7⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        6⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        7⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        7⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        6⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        9⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        9⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        9⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        8⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        8⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        8⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        8⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        7⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
        7⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        8⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        7⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        7⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        7⤵
        
        PID:16208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
        7⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
        6⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
        6⤵
        Executes dropped EXE
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        7⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59117.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        7⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
        6⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        6⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54213.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
        5⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        8⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        9⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        8⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        7⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        7⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        7⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        6⤵
        
        PID:18380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        7⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        6⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        6⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58852.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
        5⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        5⤵
        
        PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        7⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        7⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        6⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        5⤵
        
        PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        7⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
        6⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        5⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        5⤵
        
        PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        5⤵
        
        PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
      4⤵
      PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
      4⤵
      PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60413.exe
      4⤵
      PID:16516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
        8⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        9⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        9⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        8⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        8⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        8⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        8⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        7⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12396.exe
        8⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        8⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        7⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        7⤵
        
        PID:18080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        7⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        7⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
        6⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        6⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        8⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        7⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        7⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
        6⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        7⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
        7⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        6⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        5⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        6⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17186.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        6⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        7⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        7⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        6⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        6⤵
        
        PID:15840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        5⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
        5⤵
        
        PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        7⤵
        
        PID:15664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12577.exe
        6⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
        6⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        5⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        6⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
        5⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
        6⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52461.exe
      4⤵
      PID:15576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        8⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        8⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        7⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        6⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        7⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        6⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        5⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        6⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        6⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        5⤵
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        5⤵
        
        PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        7⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        6⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6866.exe
        5⤵
        
        PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
        6⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        6⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
      4⤵
      PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        5⤵
        
        PID:18232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
      4⤵
      PID:14852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52725.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58060.exe
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        7⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        6⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        6⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24691.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        6⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        6⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        5⤵
        
        PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
      4⤵
      PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
      4⤵
      PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
      4⤵
      PID:9048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59653.exe
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        6⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        5⤵
        
        PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
      4⤵
      PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26388.exe
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        5⤵
        
        PID:18252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4634.exe
      4⤵
      PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
      4⤵
      PID:15032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
      4⤵
      PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
      4⤵
      PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
      4⤵
      PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
    3⤵
    PID:8792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
    3⤵
    PID:12180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
    3⤵
    PID:15788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        8⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
        9⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        10⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        9⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        9⤵
        
        PID:18120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        8⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        8⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        8⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        8⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        8⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39771.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7860.exe
        7⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        8⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        8⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        7⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31457.exe
        6⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34556.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        7⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19346.exe
        8⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        8⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        7⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        6⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        6⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        8⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        7⤵
        
        PID:14732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        5⤵
        
        PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        5⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        7⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        7⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
        6⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        5⤵
        
        PID:18096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        6⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        7⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        7⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        6⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        5⤵
        
        PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        5⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
        6⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        5⤵
        
        PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
      4⤵
      PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
      4⤵
      PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
      4⤵
      PID:6760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10955.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
        8⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
        8⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        8⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        7⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        7⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        7⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        7⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        6⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        7⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        6⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        6⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        6⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        6⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        5⤵
        
        PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
        7⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        6⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        6⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2426.exe
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18826.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        5⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        5⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        5⤵
        
        PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
      4⤵
      PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
      4⤵
      PID:18272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51960.exe
        7⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        7⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        6⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        6⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        5⤵
        
        PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        5⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        5⤵
        
        PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
      4⤵
      PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34556.exe
        5⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        5⤵
        
        PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
      4⤵
      PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
      4⤵
      PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
      4⤵
      PID:10528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        5⤵
        
        PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45500.exe
      4⤵
      PID:13620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
    3⤵
    PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
      4⤵
      PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        5⤵
        
        PID:12656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17245.exe
        5⤵
        
        PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
      4⤵
      PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
      4⤵
      PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
    3⤵
    PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
      4⤵
      PID:14676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
    3⤵
    PID:11068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
    3⤵
    PID:15224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
    3⤵
    PID:7584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        8⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        8⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        7⤵
        
        PID:18104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        5⤵
        
        PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        5⤵
        
        PID:15380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
      4⤵
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
        5⤵
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
      4⤵
      PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
      4⤵
      PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12371.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        6⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        6⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        5⤵
        
        PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
      4⤵
      PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        5⤵
        
        PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
      4⤵
      PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
      4⤵
      PID:4844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        5⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        5⤵
        
        PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
      4⤵
      PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
      4⤵
      PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
    3⤵
    PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
      4⤵
      PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
      4⤵
      PID:15464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
    3⤵
    PID:10852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
    3⤵
    PID:14768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
    3⤵
    PID:10640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        6⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        6⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
      4⤵
      PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
      4⤵
      PID:15024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
      4⤵
      PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
      4⤵
      PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        6⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34834.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        5⤵
        
        PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
      4⤵
      PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
      4⤵
      PID:16932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
    3⤵
    PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
    3⤵
    PID:9408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
    3⤵
    PID:16828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        6⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45830.exe
        6⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        5⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36876.exe
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31603.exe
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        5⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
        5⤵
        
        PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        5⤵
        
        PID:14648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
      4⤵
      PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
      4⤵
      PID:11324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
      4⤵
      PID:16892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
    3⤵
    PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
      4⤵
      PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
      4⤵
      PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
      4⤵
      PID:3480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
    3⤵
    PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59945.exe
      4⤵
      PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39341.exe
      4⤵
      PID:8028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
    3⤵
    PID:11408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6667.exe
    3⤵
    PID:16164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
        5⤵
        
        PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
      4⤵
      PID:13940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
      4⤵
      PID:17280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
    3⤵
    PID:11044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
    3⤵
    PID:14904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46629.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46629.exe
  2⤵
  PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
    3⤵
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
      4⤵
      PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
      4⤵
      PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
    3⤵
    PID:13580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
    3⤵
    PID:18168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
  2⤵
  PID:8772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
  2⤵
  PID:12256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29795.exe
  2⤵
  PID:15708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3908,i,4356837537417149674,16553092232944545509,262144 --variations-seed-version --mojo-platform-channel-handle=1040 /prefetch:8
1⤵
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5356 -ip 5356
1⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4100 -ip 4100
1⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5432 -ip 5432
1⤵
PID:11568

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe

Filesize
468KB

MD5
0cbc9b5cf5854d4455f3d3f974e1c601

SHA1
0254d1121635d3ca4d329812aff546d84bfc830e

SHA256
b15948570e82846c4eaab9df38cb80102b3f7c2e3bda9bab782f245ded4e1493

SHA512
42b98b8e83e9d127c8b6e4da9bb9c85095884d086632ba6e6029931b213f1feb23384e453751ffb799df6e4cae09a216345976d33ebf48b9f1f19eeb748acc9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12371.exe

Filesize
468KB

MD5
4fafae1821106940a478c60b54850459

SHA1
9c0285db411d550161037e8012bd5450f4001e46

SHA256
6ddb9e009035ee803ce03e44afc429835d553037558aac2ea58f33ab686dfc4d

SHA512
c136572011203ad3e30fedb3d7f781fcf7908da7c047611b67d072bf4e4877830ae32941380c8118d0dde970473e37a566df2c42f816c47ad1278e8f6ead6ba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe

Filesize
468KB

MD5
e7815f755070a495915c2c3bbf4e1db9

SHA1
ebfafb1635209f15593678bc625282cf1b2b77f7

SHA256
b33113bbaa2791acb3f52fac4db9fce8b17c680cfe86e336da917cfcca951de5

SHA512
72da339cc4841da6e2f5fde2633dd43121a0b9411ac3a7f8e47d998f505ea35cb524b6d43858ea31a523b1dccd603541daf11821b3063eb888ec3625d9afda87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe

Filesize
468KB

MD5
b19f6e58dab5303093da43e3f0d1eb5c

SHA1
5bda783d65081a6842a530d1ef3d93ea0417d7b8

SHA256
57d7138caa70370ac2f481accfc709e792d78679402dd23ff2370aff4599ea9c

SHA512
505fe647cdff4dc751c26590c85673d4b2c380be379d1f22f27db4ab4051d15ac9773c3012f32a4780e737b4c5395289a8bc72f523d28227a69176624641df38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe

Filesize
468KB

MD5
0ebdda2dbc4ef1681769141737d1543f

SHA1
8a924ef480f64cbe7bcca293666bf639e166aac0

SHA256
05e59bbb6540952a7254da8e9b4469fa98aef0fc5b97bcd7f1c6f2d6d8194829

SHA512
39579e354eced5c41e60bdb61e0da417ae627a51a23f3b6b17bf444954e5a64882ccc2321c8d2328325cfd108b567444bf7b0ee3f1e48a84ba4e674e1404d671

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe

Filesize
468KB

MD5
506df912fe525f81680c882a308320cc

SHA1
ee97f7e34519ce5b8e8168c03e50681b413a8cc5

SHA256
3ba542f0c51dc652d05b8c4887cac632e2774334be4ca7619738ef3094efdfa1

SHA512
8097e2b18bab3ae2a03de3c1fd6394176d5b271ceb59aba0d89d3c7cf8fb4b2164db5dd6ab922e99dbfb5fc5c567917a1a6baefc107ea3ce6eba89e5691f47ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe

Filesize
468KB

MD5
61b4dc4cfaf6f5feec7a5259e08c7b56

SHA1
e6e8d459b535da7d02438cecc211b49457d1e5d9

SHA256
e08150851b06f169f93b52c37d570b6767f09cc3a1d3849c7cb50bf481b8acf2

SHA512
02418889b592b4aa053f32bc01172d9d3ebc91b9f12190c9708325aec0666a7a038bff2b26589acc90ecb199b302756337d3c1f72b124eabd070a76d5395488f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe

Filesize
468KB

MD5
18fa7c1ca8523f6fd1d24c50d5a6cadb

SHA1
e7b0e2a83f621ab5fe19dd8388bcc9615e9dc1a6

SHA256
30c2f2ec820be1200c8b7cec474ae035a9e51b6cde928ec4c349b108a913b663

SHA512
d642757e333f92e8a69191c2dc7584f125cfef54583d5a6a952da55738b6d28291dc2e4d898d6fafb1f1c5347822be0d968afbbc32e0931f32678069c210771c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe

Filesize
468KB

MD5
65198e2fe61f9903149d78c97c1353da

SHA1
27cdc2ba79dee33ad19c7e2ea499ff93857e5db2

SHA256
ff7b3e07f2b9874a50002e29c6389e1bde20be0c141d6f30da60e3171d1f79f0

SHA512
24b57898bf10a928b18cd789ac7544d1912f4d5127e436c0d55a8b55c442aac64a6fe47d5c313cbc3bdfbd039ac9039f48d7e61f7e9f65189657fe8c6d07722a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe

Filesize
468KB

MD5
b17ff3a38188850ee17ceab8c2f5cbca

SHA1
d7818de940497bc4432155ddd24b33df0c9678a0

SHA256
535790830c75e029c80de4ea9109dee1ba0e7f93f035b67efa4cae6fa858c788

SHA512
a7a77e498311a6efd93bc98bb6518ce3ec1df15a638ff8b8d36bf89d532a25018e7d69799aae81bc2d9a56c994d119cd0ad04ab5f6434f909f289ab21f4ebb42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe

Filesize
468KB

MD5
9f9746dda55abd1b9b2bc4fcdbf9802e

SHA1
aa5e7d262649b9963fa73bfb0eaf82a12bf87462

SHA256
a413ef4eebef7840573297f3dffe4a5af9b722b22c2cd11d79ca5c55c3b2f6c0

SHA512
2cb10785a84f5daab40ddc86c8fc80f0078882c828a3d3b6def888111f8eab2f17468e903ed199986d3eaad850731d8889ccc401090aa2560c04927058177268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe

Filesize
468KB

MD5
6b56fe34b2a2efa59e2e261a118a8d3d

SHA1
9dd2e498e39a82bf7ea39c027973e1e5cbc94db5

SHA256
985bc437518ef8a341d4fd15a5b0ca2cfc3470460fa4eb09e043bee5f33b38d7

SHA512
fe7686a1d195e5fc819005f612933c2585d0a6282f776f96c146c0c744745de70c90cf23a6e812f7176b735c873dbb825f9aa14849b9ce5680cb7f42d2ba18f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe

Filesize
468KB

MD5
9d907631773acd23fc727f1168d233b8

SHA1
585f8115871a914a5d967d0ddcfb04fcd39d9e3e

SHA256
866997cb1640a6376a31754d47473770d63a06eac9d0cf06b3210b50974e39e1

SHA512
9aabcb67ad22f5556d808bf046c4f9818174e82d65df4803ad2e343643d6168034ad7067f270c30cbe3c9bd86142d7849f8dc1b19f84561f8caa2f7d5516c734

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe

Filesize
468KB

MD5
39dffa84b97752c121bd4b7a55ad42f4

SHA1
805590be2f55af7fc570183643314de8582fcaac

SHA256
d6fec66b77b84ac9f718a0e0d055b5d81bd390ea0ceb4656bda7f6acc78c5f57

SHA512
a0efda44c966c2e542d14b2e0feed43212f371cf5e74bf038642efae06ada8a35449947a4d482d1b8594db3cf2e598d99e83673e93169deb03892a1a924eb6bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe

Filesize
468KB

MD5
ed56be212538d5c4eb2f7f9ab83d4f41

SHA1
54ff3f8ec1fc0cfaa22995091d0db1f7ac1feefe

SHA256
8e1efb3eb0a2e048ba88bc40e2a233c5f52ed9d3fdeb1f4a505e9e0514bfc0f6

SHA512
b4f68044cfe6eae32fc7b4bd35ca66bddf09572b31fda4c0aaf25773b4b738f7ac98040b6bfe526f47155604bbaafb6feec0d68358581fd1d8e6082f07fe5392

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe

Filesize
468KB

MD5
da1d45fa399e89e24d6aa4fd06a350ae

SHA1
ee5814fe946b17adb449daeb993235d47a3c5158

SHA256
3282f3a708f2165510dcb03f8a11f9e5f59780b66a4439763e316b47ed8532ba

SHA512
561f97bdf4e39fb7beab8813d4d7fe20d26ce73b2732ba7dcb09bda8a7ef7fd4c8e7cfad938720e7aa8a9262f5879d54fc07272eab95aab4adad3945f335f369

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe

Filesize
468KB

MD5
1f44fed57d96794cfaced13f7b5bdf3c

SHA1
bc7cc90af75a5d00eac7e20a4265bd4a8badaf53

SHA256
f395ed9ced2fdd50014f9a647e1c469b66dacf95a7417962a16a525b7386ab4b

SHA512
9c03a8592bed434bb6b1ac37d47f3af7404f6dec1cbf4a0f60d7ea4c08e368b5b8c7439f7684ce563e63d7af89fa6c4c5ab2ba076f9e05945a32b936af2d382d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe

Filesize
468KB

MD5
73ba7ed515536cff1d24e4593378087e

SHA1
52c1b303ac3ca537ff809b713eb5b4f973de4d60

SHA256
cd68c5ddfde3031fa86b6105e11a0afe856c78ca1a0300f64781dfc999ebc010

SHA512
c7892854c90d9e0e19981c835fcaa720bdd5bc9f637f65cfe9274fd9b66b1bf66fc4720d54c12e41abb7c305e4c47decea9e4143fee95412328a6c48e59a58e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe

Filesize
468KB

MD5
1f6330481c703f9f343ecca0ab394082

SHA1
9840c39d8e21727df5bf34377f0af2274e355d5a

SHA256
fc7d118b5d8c3d085b13ec04477f60767031d5b5c04f82cfebda9a9bb15b5383

SHA512
94a4790479f1c9f7e27d09e74a44c0f98fcc13ef880d3d536a2d3ca6918c9deb0a8a8851e772e3046d5043516cd62998ff9ebc8a929ed8c1164708df987ecdae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe

Filesize
468KB

MD5
06ad455bb477f7c8214f4fa57f10da13

SHA1
1be1dad384e814218f895e909ae41b941255ddbb

SHA256
3f61ea35989e691310f0e79497ac75bf133f1b6f7f5fabde3e0406211eecb767

SHA512
80829826fae8de44e6f9e7763a237f0d0ca6815f3ca6419b2ba02ecc2d40ffe6435c49fc1c3ed5b560db4d6ea296b66d311acb74b4b86f7cd72fe2f53e2725d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe

Filesize
468KB

MD5
06fdbc16949983e225a622f427fa858e

SHA1
f9322fc38ee807abace18e69fbcd8542681472dd

SHA256
06591fae8230d2e0f42db99a0da8a2d3bb64e7941364280040a26e4a1973d9c7

SHA512
accc80cfbf27e8d4fab658fb2471bbf45f36026b440a862535890abe830fcc3622d1ecfd630fa0d2f220ffdcb476a4aaf0f68ade45d3eabb2e463e965fee186e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe

Filesize
468KB

MD5
8878c7bfa88f945d9a0771372662a131

SHA1
7384c3d88090bdc2fc20e31424b90a1c540f4e7c

SHA256
2847085e71776e80db3505cc918e338e283b4ec66e6f63186d7e5f1633303425

SHA512
63dc6751bc19d09f0b9e014b52aec45ff37fdd6b3c839c67fd1842de508853a10542153a5b5520d1ff880afc4beaea596c7746f0e539b564a2be1060fa119e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe

Filesize
468KB

MD5
92cd293236edf2ae48f056d03dff4da0

SHA1
964dd971e31f9ab803711145e8387d5c46aeeba9

SHA256
20a5fe1e7512b49cf0a91def5bc63ab149b16bc9336cb20c5beb741c4e43397a

SHA512
92ce3375c8c2bb689a11c597d80816edb175c8040386560f1dbafad439c9c5164397c6c7ed01310ddcf461e3ea749ea1fa596cb6ef0bbb068bc0210736b19ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe

Filesize
468KB

MD5
8ec08252836ef7dda49c91107628dce3

SHA1
be2c066a5bea46c0f0ce4a3c3490bb476b13f927

SHA256
4109847eba956773fdbee9a9ac1d11d354f6b0ff67fb95afeab520e59047ee73

SHA512
142a5fa3fa71fa8c8fa3695fb25323456a45aa762e548bd76d4e681920b0157701588787267d3a615ac32b4e356937fda88fe9f53a9a6504b40c8f97f10954fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe

Filesize
468KB

MD5
855e0fe9f54de0ef31c6c09179999f84

SHA1
f57c2e128a283e98c6b57df9699a58929126be67

SHA256
cb18bbb1a88362ab0916056b800223117ee45c499c37bf9cd977bd1b9b6bbf60

SHA512
dc8b6214bc3789aba7db4b3013a41e5f83c2b381fb3369af913b79df723e13a829248c0ed3b243d13e6e449087998330afa81753d0591f14ed2a2f1c6b6abf49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe

Filesize
468KB

MD5
1403ff3905d1790862a5428449ddfef6

SHA1
13c3209b212a6440a6453716cd96b951eb2f6d79

SHA256
463be96bbd6a0d17eb3f556c2ddc6e1d76bbedcccd51b590abf868cdf21e240f

SHA512
76bf7afb456c9a6ef7efbe37e3d9185b5c3cd2e181d0b0cf4630ebc14666d8e7441b3a09d179940652f15d5ace37182e9ff76cdeb45cdc4de49f856addeb93ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe

Filesize
468KB

MD5
30917027b46bc731e4fc37c73614afb0

SHA1
0dd8ba3cd0c729d2c6e4a9a1f1a5410adc7abbc9

SHA256
c4495d0f7398c56138a50f6583297f6e635a31d9f1e1802b3f70c9d81e827470

SHA512
abeae1d98bf8869c2d2e2e321cd4ad1dbb268bec1d440a683e602fd1098d49c515597833ee19f20df2a17cf1bbae972c8669c3745e2987fe8c220a2cd28c8b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe

Filesize
468KB

MD5
5edcce850002621aec841505c1e243e1

SHA1
91a6dcb4cebb840dc4f177772023bc0d573238ed

SHA256
181837f071a38cfe27630853fd5cd4ade7c788d942ad2f2f1fbf1efaf9504e84

SHA512
8cd1f5f17f18dfa28d4e1be93ca7a6c9c4a172e6b2b7e0d89ffe3dc7172c4fcb8e7e5aa42daa919e36c2ff35d725221c2e6786a4c943b43985a98258d4f3dd0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe

Filesize
468KB

MD5
4b25fdc71ee2eb3a2110cc991d1310f3

SHA1
a355ececeebf37025d5fd1a27e659370681046a7

SHA256
870d80c9febec98dbbc3c7b8d48ad22ca62ec3bf03022c765ee223d38bbf5e30

SHA512
b46e38fb58897e74d3088dfe8c5778e658e604c25f99a3bf1e6b2fb34324f173b78e7fa8907a4e26d213513bacf047507e1d17c41b4d17dde5a70f6af69df012

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe

Filesize
468KB

MD5
b3db8e795cbd4e3fab668d9fb0d0bf53

SHA1
9f0f9c689cf223ce270b724cf57e877d4ad13bb3

SHA256
b62427f53a2271bf1b0db89571d8ce841b6874549c92e6f5d55e15f076622a7c

SHA512
d871064a20cdd148ee8461f17b927a570f0cb70ee4d049ac7a3f6d5088cd35a6ac2229eb673ef4d1fe89c07231e9bb800d3f8260370de1f4be1f6364b39f8312

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe

Filesize
468KB

MD5
0153165d6d971f741e2dad1169de794e

SHA1
3e7408867826803b462d719ffd8e277cb81f6f1b

SHA256
688ad83316382152ebb06a8a81d1fca5d32d559369e6ec9bf54333345eb0ec76

SHA512
bdd04bfee6f14daa2216d42c9ebef2d72a98d3eb45af82000a411896960a9f49d03793cf9f0d4827a75f7ad7dcbbe3ea20ade732d2b941960f720096edc36938

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe

Filesize
468KB

MD5
70252efb6d07e134ec6d9ac70d1d21eb

SHA1
816b335331b2647f89e8166b76903708f4768a85

SHA256
e10ae5f01914d66693708ddf77ce68649179e496eea374b7f19b285f282bf86f

SHA512
f468004f54b9d9a25ae2b0a2776bd67ac41bc06e96cb722e9bb61f1f6fe76ce75fa5e50322c70b673e8652a94afa4fae305caf0f55caa53ff3f9dc6451a4bd1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe

Filesize
468KB

MD5
530be0f9616fae8c34f3984cad97e089

SHA1
cc50e2b568db5a2a8f01abb5dd075840850f6040

SHA256
545e7bfadb589db2ffb6cdf705445207cf0ce7a5174f33ca7befe55392717ef2

SHA512
a2e982960704b83ec9da22e4325d195c104245b04a5930f7dae943b79fb28a5969b871a80f68b1f32e0542587725449bb744255bd0a4639643f4c30b3bb80716

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads