2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bf

Analysis

max time kernel
120s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe
Size

468KB
MD5

966a7a643c8e4ee777c685aea1bd6900
SHA1

e0a502b850fc2dc964ce1f8fde57f4dae25c19dc
SHA256

2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bf
SHA512

8b1f1274f69e1df2810b36090f907e676ee3faee041cb361688b90028ca456b6fb1905e7cf09034ebe7d26d58877deb831d892a2e4cf05156bf74accc9b7a2ce
SSDEEP

3072:auihogfxjg8U2bYZPz3cqf8/EC3jkIIZswfI+VXwUxK+4dWYt5je:aucogNU2aPDcqfXdQpUx9IWYt

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2364	Unicorn-46242.exe
4232	Unicorn-55718.exe
512	Unicorn-48105.exe
4028	Unicorn-53362.exe
4584	Unicorn-57446.exe
1508	Unicorn-37580.exe
4596	Unicorn-63568.exe
2896	Unicorn-9781.exe
232	Unicorn-6252.exe
4880	Unicorn-65012.exe
1684	Unicorn-35032.exe
3644	Unicorn-9873.exe
4828	Unicorn-16004.exe
1528	Unicorn-54898.exe
3116	Unicorn-58717.exe
4340	Unicorn-23570.exe
32	Unicorn-42598.exe
4124	Unicorn-39714.exe
2804	Unicorn-13263.exe
4284	Unicorn-54851.exe
540	Unicorn-50112.exe
764	Unicorn-54680.exe
3064	Unicorn-54680.exe
1976	Unicorn-48550.exe
1576	Unicorn-31857.exe
1076	Unicorn-53918.exe
3400	Unicorn-16340.exe
2208	Unicorn-4.exe
892	Unicorn-62848.exe
2676	Unicorn-54680.exe
5004	Unicorn-54680.exe
1764	Unicorn-26824.exe
4604	Unicorn-59396.exe
1932	Unicorn-22740.exe
4784	Unicorn-14934.exe
648	Unicorn-19040.exe
3060	Unicorn-27208.exe
2244	Unicorn-20528.exe
1504	Unicorn-15702.exe
1532	Unicorn-43736.exe
3376	Unicorn-36122.exe
820	Unicorn-9501.exe
684	Unicorn-40320.exe
4360	Unicorn-54618.exe
4040	Unicorn-19808.exe
3620	Unicorn-12002.exe
2264	Unicorn-31868.exe
3648	Unicorn-31868.exe
3932	Unicorn-48204.exe
3988	Unicorn-56372.exe
3184	Unicorn-56372.exe
3388	Unicorn-15531.exe
2976	Unicorn-17569.exe
3096	Unicorn-27784.exe
2772	Unicorn-13704.exe
1648	Unicorn-27784.exe
4500	Unicorn-20746.exe
3900	Unicorn-47389.exe
4888	Unicorn-63725.exe
4624	Unicorn-7839.exe
636	Unicorn-21375.exe
4608	Unicorn-41166.exe
5136	Unicorn-13200.exe
5156	Unicorn-34582.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
17124	10468	WerFault.exe	711

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2374.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17056	dwm.exe
Token: SeChangeNotifyPrivilege	17056	dwm.exe
Token: 33	17056	dwm.exe
Token: SeIncBasePriorityPrivilege	17056	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe
2364	Unicorn-46242.exe
4232	Unicorn-55718.exe
512	Unicorn-48105.exe
4028	Unicorn-53362.exe
4584	Unicorn-57446.exe
1508	Unicorn-37580.exe
4596	Unicorn-63568.exe
2896	Unicorn-9781.exe
232	Unicorn-6252.exe
4880	Unicorn-65012.exe
3644	Unicorn-9873.exe
4828	Unicorn-16004.exe
1684	Unicorn-35032.exe
1528	Unicorn-54898.exe
3116	Unicorn-58717.exe
4340	Unicorn-23570.exe
32	Unicorn-42598.exe
4124	Unicorn-39714.exe
4284	Unicorn-54851.exe
540	Unicorn-50112.exe
2804	Unicorn-13263.exe
1976	Unicorn-48550.exe
764	Unicorn-54680.exe
3400	Unicorn-16340.exe
1576	Unicorn-31857.exe
1076	Unicorn-53918.exe
5004	Unicorn-54680.exe
2676	Unicorn-54680.exe
2208	Unicorn-4.exe
3064	Unicorn-54680.exe
892	Unicorn-62848.exe
1932	Unicorn-22740.exe
1764	Unicorn-26824.exe
4604	Unicorn-59396.exe
4784	Unicorn-14934.exe
648	Unicorn-19040.exe
3060	Unicorn-27208.exe
2244	Unicorn-20528.exe
1504	Unicorn-15702.exe
1532	Unicorn-43736.exe
3376	Unicorn-36122.exe
820	Unicorn-9501.exe
4360	Unicorn-54618.exe
684	Unicorn-40320.exe
4040	Unicorn-19808.exe
2264	Unicorn-31868.exe
3620	Unicorn-12002.exe
3648	Unicorn-31868.exe
3932	Unicorn-48204.exe
3988	Unicorn-56372.exe
3184	Unicorn-56372.exe
3388	Unicorn-15531.exe
2976	Unicorn-17569.exe
1648	Unicorn-27784.exe
2772	Unicorn-13704.exe
4500	Unicorn-20746.exe
3900	Unicorn-47389.exe
4608	Unicorn-41166.exe
3096	Unicorn-27784.exe
4888	Unicorn-63725.exe
5136	Unicorn-13200.exe
3664	Unicorn-61032.exe
5260	Unicorn-1260.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 2364	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	89
PID 3720 wrote to memory of 2364	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	89
PID 3720 wrote to memory of 2364	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	89
PID 2364 wrote to memory of 4232	2364	Unicorn-46242.exe	92
PID 2364 wrote to memory of 4232	2364	Unicorn-46242.exe	92
PID 2364 wrote to memory of 4232	2364	Unicorn-46242.exe	92
PID 3720 wrote to memory of 512	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	93
PID 3720 wrote to memory of 512	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	93
PID 3720 wrote to memory of 512	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	93
PID 4232 wrote to memory of 4028	4232	Unicorn-55718.exe	96
PID 4232 wrote to memory of 4028	4232	Unicorn-55718.exe	96
PID 4232 wrote to memory of 4028	4232	Unicorn-55718.exe	96
PID 512 wrote to memory of 4584	512	Unicorn-48105.exe	97
PID 512 wrote to memory of 4584	512	Unicorn-48105.exe	97
PID 512 wrote to memory of 4584	512	Unicorn-48105.exe	97
PID 2364 wrote to memory of 1508	2364	Unicorn-46242.exe	98
PID 2364 wrote to memory of 1508	2364	Unicorn-46242.exe	98
PID 2364 wrote to memory of 1508	2364	Unicorn-46242.exe	98
PID 3720 wrote to memory of 4596	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	99
PID 3720 wrote to memory of 4596	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	99
PID 3720 wrote to memory of 4596	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	99
PID 4028 wrote to memory of 2896	4028	Unicorn-53362.exe	104
PID 4028 wrote to memory of 2896	4028	Unicorn-53362.exe	104
PID 4028 wrote to memory of 2896	4028	Unicorn-53362.exe	104
PID 4232 wrote to memory of 232	4232	Unicorn-55718.exe	105
PID 4232 wrote to memory of 232	4232	Unicorn-55718.exe	105
PID 4232 wrote to memory of 232	4232	Unicorn-55718.exe	105
PID 4584 wrote to memory of 4880	4584	Unicorn-57446.exe	106
PID 4584 wrote to memory of 4880	4584	Unicorn-57446.exe	106
PID 4584 wrote to memory of 4880	4584	Unicorn-57446.exe	106
PID 512 wrote to memory of 1684	512	Unicorn-48105.exe	107
PID 512 wrote to memory of 1684	512	Unicorn-48105.exe	107
PID 512 wrote to memory of 1684	512	Unicorn-48105.exe	107
PID 2364 wrote to memory of 3644	2364	Unicorn-46242.exe	109
PID 2364 wrote to memory of 3644	2364	Unicorn-46242.exe	109
PID 2364 wrote to memory of 3644	2364	Unicorn-46242.exe	109
PID 4596 wrote to memory of 4828	4596	Unicorn-63568.exe	110
PID 4596 wrote to memory of 4828	4596	Unicorn-63568.exe	110
PID 4596 wrote to memory of 4828	4596	Unicorn-63568.exe	110
PID 1508 wrote to memory of 1528	1508	Unicorn-37580.exe	108
PID 1508 wrote to memory of 1528	1508	Unicorn-37580.exe	108
PID 1508 wrote to memory of 1528	1508	Unicorn-37580.exe	108
PID 3720 wrote to memory of 3116	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	111
PID 3720 wrote to memory of 3116	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	111
PID 3720 wrote to memory of 3116	3720	2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe	111
PID 2896 wrote to memory of 4340	2896	Unicorn-9781.exe	112
PID 2896 wrote to memory of 4340	2896	Unicorn-9781.exe	112
PID 2896 wrote to memory of 4340	2896	Unicorn-9781.exe	112
PID 4028 wrote to memory of 32	4028	Unicorn-53362.exe	113
PID 4028 wrote to memory of 32	4028	Unicorn-53362.exe	113
PID 4028 wrote to memory of 32	4028	Unicorn-53362.exe	113
PID 232 wrote to memory of 4124	232	Unicorn-6252.exe	114
PID 232 wrote to memory of 4124	232	Unicorn-6252.exe	114
PID 232 wrote to memory of 4124	232	Unicorn-6252.exe	114
PID 4880 wrote to memory of 2804	4880	Unicorn-65012.exe	115
PID 4880 wrote to memory of 2804	4880	Unicorn-65012.exe	115
PID 4880 wrote to memory of 2804	4880	Unicorn-65012.exe	115
PID 4584 wrote to memory of 4284	4584	Unicorn-57446.exe	116
PID 4584 wrote to memory of 4284	4584	Unicorn-57446.exe	116
PID 4584 wrote to memory of 4284	4584	Unicorn-57446.exe	116
PID 4232 wrote to memory of 540	4232	Unicorn-55718.exe	117
PID 4232 wrote to memory of 540	4232	Unicorn-55718.exe	117
PID 4232 wrote to memory of 540	4232	Unicorn-55718.exe	117
PID 1684 wrote to memory of 764	1684	Unicorn-35032.exe	119

C:\Users\Admin\AppData\Local\Temp\2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe
"C:\Users\Admin\AppData\Local\Temp\2b55fec618abf71391ae3a2d9b1aa21c89b5e117f2d83c1303e18446b2efd3bfN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        8⤵
        Executes dropped EXE
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        9⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        10⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        11⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        10⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        9⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
        9⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
        9⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
        8⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        9⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        9⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        9⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35599.exe
        8⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
        8⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        9⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        9⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17393.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        8⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
        8⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        8⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        8⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        7⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
        7⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        8⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        9⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
        10⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        9⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        8⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17393.exe
        8⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        8⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        8⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        8⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13309.exe
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        8⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        7⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        6⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        7⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        7⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        6⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:32
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        9⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        10⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        10⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        10⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
        9⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        9⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        9⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        9⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
        8⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        8⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
        9⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15129.exe
        9⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        8⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        8⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        8⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        8⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        7⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        8⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        8⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        7⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        6⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16024.exe
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
        7⤵
        
        PID:17792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36554.exe
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        7⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        6⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        6⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42060.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        8⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        8⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        7⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        7⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        7⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        6⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        9⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48130.exe
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        8⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        8⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4627.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        8⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        8⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        8⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        7⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        8⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42370.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        8⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        7⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        6⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        8⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        8⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
        8⤵
        
        PID:17660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56455.exe
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        7⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8287.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        7⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42043.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        6⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
        7⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        8⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        8⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        8⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        7⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48323.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        7⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        6⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32908.exe
        7⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
        7⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        6⤵
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        6⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        5⤵
        
        PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        8⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        7⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        6⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        7⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
        7⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24586.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        6⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        5⤵
        
        PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        6⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        5⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        6⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        5⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45803.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        5⤵
        
        PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
      4⤵
      PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
      4⤵
      PID:18152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        9⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        9⤵
        
        PID:17780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        8⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        8⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        7⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        8⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        7⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        6⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        7⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        7⤵
        
        PID:17604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        6⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        8⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4383.exe
        6⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        7⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        6⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63365.exe
        6⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56316.exe
        5⤵
        
        PID:12292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
        6⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        8⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        8⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        8⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22142.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        7⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45803.exe
        7⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        7⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        6⤵
        
        PID:17648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39320.exe
        6⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        7⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        6⤵
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        6⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        5⤵
        
        PID:17376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        6⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8188.exe
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        5⤵
        
        PID:14920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45803.exe
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17393.exe
        5⤵
        
        PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
      4⤵
      PID:17704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        8⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
        7⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        6⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17020.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        6⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        5⤵
        
        PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        6⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        5⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        5⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
        5⤵
        
        PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
      4⤵
      PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
      4⤵
      PID:17264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        7⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        6⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48806.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        6⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        5⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
        5⤵
        
        PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
      4⤵
      PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        5⤵
        
        PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
      4⤵
      PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
      4⤵
      PID:10712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
    3⤵
    - Executes dropped EXE
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
      4⤵
      PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        5⤵
        
        PID:17968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
      4⤵
      PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
      4⤵
      PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
      4⤵
      PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
    3⤵
    PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
      4⤵
      PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
      4⤵
      PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35161.exe
      4⤵
      PID:18044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
    3⤵
    PID:9832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27121.exe
    3⤵
    PID:13440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
    3⤵
    PID:4796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
        9⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        9⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        8⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        9⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        8⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        8⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        8⤵
        
        PID:18168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        7⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        7⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        8⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        8⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 72
        9⤵
        Program crash
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        8⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37597.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        7⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        7⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        7⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
        7⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52983.exe
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        8⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        9⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        9⤵
        
        PID:18212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
        8⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        8⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8686.exe
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
        8⤵
        
        PID:180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
        8⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17923.exe
        7⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        6⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        8⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        7⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        6⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        7⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        6⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        6⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        6⤵
        
        PID:17956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
        5⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54851.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        7⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        7⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17918.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        6⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        8⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        8⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10019.exe
        7⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8188.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        5⤵
        
        PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
        7⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11786.exe
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
        6⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27699.exe
        5⤵
        
        PID:17536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
      4⤵
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        6⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        5⤵
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
      4⤵
      PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22896.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
        5⤵
        
        PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
      4⤵
      PID:7128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40948.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17020.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        7⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        6⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        5⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
        5⤵
        
        PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        6⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        5⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        6⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25534.exe
        6⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33892.exe
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
        5⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        5⤵
        
        PID:16604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
      4⤵
      PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        5⤵
        
        PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
        7⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49796.exe
        6⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        6⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        6⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35982.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
      4⤵
      PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        5⤵
        
        PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
      4⤵
      PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
      4⤵
      PID:17152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        6⤵
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
      4⤵
      PID:8376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
      4⤵
      PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50476.exe
      4⤵
      PID:17348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
    3⤵
    PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
      4⤵
      PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
      4⤵
      PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
      4⤵
      PID:1232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
    3⤵
    PID:8848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12305.exe
    3⤵
    PID:12548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
    3⤵
    PID:4948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1473.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        8⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        8⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        8⤵
        
        PID:17728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        7⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        6⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        6⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12002.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
        7⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51437.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32206.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        6⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54150.exe
        5⤵
        
        PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
      4⤵
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        7⤵
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        5⤵
        
        PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
      4⤵
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        5⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        6⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
      4⤵
      PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        5⤵
        
        PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
      4⤵
      PID:17504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
    3⤵
    - Executes dropped EXE
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        5⤵
        
        PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
      4⤵
      PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
      4⤵
      PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32577.exe
      4⤵
      PID:14388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
      4⤵
      PID:11548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
      4⤵
      PID:11104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
    3⤵
    PID:8344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
    3⤵
    PID:5472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        7⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
        5⤵
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
      4⤵
      PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        5⤵
        
        PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
      4⤵
      PID:17088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        5⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
      4⤵
      PID:17532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
    3⤵
    PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12819.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
    3⤵
    PID:9388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
    3⤵
    PID:13552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
    3⤵
    PID:17928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        6⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17996.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        5⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        5⤵
        
        PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        5⤵
        
        PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
      4⤵
      PID:14812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
      4⤵
      PID:17640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
    3⤵
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
      4⤵
      PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
      4⤵
      PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      4⤵
      PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
    3⤵
    PID:8792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
    3⤵
    PID:12556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
    3⤵
    PID:1364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
    3⤵
    PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        5⤵
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
      4⤵
      PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
      4⤵
      PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
      4⤵
      PID:18016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
    3⤵
    PID:11136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
  2⤵
  PID:6804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
    3⤵
    PID:9240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
    3⤵
    PID:13584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
    3⤵
    PID:5020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
  2⤵
  PID:8488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
    3⤵
    PID:16928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64791.exe
  2⤵
  PID:312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
  2⤵
  PID:17476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4360,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
1⤵
PID:2120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10468 -ip 10468
1⤵
PID:17068

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe

Filesize
468KB

MD5
02b9a88a4f7d3fec33fc9d2295f50313

SHA1
617d709d0f4f2e366f3bc0968b6497ac3adecc54

SHA256
3f4cb7b3b8150ea44f4f7db41e7decbb56500f12e9e228d9e86ad845277f931b

SHA512
4d7986b260101d757fc8f312ac20ee36b465658d5c03223d6f7e212a98ad1851c0265b861fe1503ea60cfb11c50365d48dcf2cce7dec356a79c5ba6343d6f0dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe

Filesize
468KB

MD5
351f0fd0f8f8ff58960c9f4000b95772

SHA1
3e31ea174401d28e6fcdda10f609d91d6df44ac8

SHA256
fae5eaa4ac23c35ab0fc4caabbde6487b504928984457ac4d35bfa9a418a7b8a

SHA512
8a7bfc850cce1cde553e438e97b07b40d05a5c33737ebae19b3c28ed003d038095669148c64c256fb883eb48a88ea448366a96fda25856b76a7962767678106f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe

Filesize
468KB

MD5
37ea3903181a748a42859ef76127b393

SHA1
567752adfcd68ebab694a7b1b8d0e4ea86697d83

SHA256
9dc41a7507c0ccce56b320d48f836d3902400fb7c2c2a12c1deaf396f484b02d

SHA512
b2f9eeef488952678d545bd2dcd1a713e39ba48aec51d2aeeb8bed199cbeb094cecba32994e21d430ecd4291fa89310f771cb65a90b37e58a9a8c33fd998f04e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe

Filesize
468KB

MD5
df0a2c77f34581e205cc92b6c223d344

SHA1
4d0861c82959b0945fde6fc9eb07231d46843220

SHA256
3353159873321f0cba1bb1c1001d23f5b1a71eaa3cff4d6421ee09dd8b068dab

SHA512
8fa6c14d0fafb9ae70a8dece599849c7500c983e39ce8a995a9ec57c3804083f602d468ddeace7f5bbd197b99eef7afa65edb0330cb669fbb6a814b71ab722b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe

Filesize
468KB

MD5
8b687328f08aec8d527dd5196a42609e

SHA1
089cca581f4d0b2d20aa71909f1faf84dbadf7d0

SHA256
84182ddfd342553c0891f9d09e8711fb56b4fc4514dc93bc70b89bc55be9dec1

SHA512
3a5f0128c0e9b2ce9ae7f5befbd31e2637ba02038b71ebf87946b3b9b30b2a2ef902b13a6a3bfa646376d1d0188764fb82df40f336791c1a04b50d7b7bb56c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe

Filesize
468KB

MD5
93e6e0b6afcd0c9fd4eaabccf3848e04

SHA1
e44f0cfddf6e44783e3b294585ea81ac0cbb1043

SHA256
490e46f0c3d8116c5994a4c7b65db663a67997789954dc749b2d4c633cfb8d26

SHA512
21b3daf6084d730b88cfca501dcd441e12f262ab2b31ee23d578854cd33087444a07038967309b6eb0725c68025c48b14ffbb8047b4412994f2592f9c308cc19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe

Filesize
468KB

MD5
97c681686b3be8c9ba3f0657d660599e

SHA1
07993825c4dfeb2b57ecfecc5d90235d806d2e09

SHA256
4426069c298f20da54cee2f5efec2bb1ccd4e70edb97ab7d5d4729e574f17f67

SHA512
54a483d01edbe8b953a2d926d5b4fc668b5cc962dc8a66038321a0f1ee354a3eb32e8c8fd83b09f46b09f20161dc1b0b23d7faa846a8aff950b756d7e06de25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe

Filesize
468KB

MD5
e12634694b114e59c907941180824d99

SHA1
cbbfa609716c1312e03651a5738bee0d7781933e

SHA256
3777078110e4a61ff63050a46989d6f74fe944ddf69c200c04cf2f52d923ac4d

SHA512
ceaec3947cb4f64a5c24b3203fe4961a0f7592c39afc70b52557157b78bd19bbe9cd9167f7c86ddf805b34f89ad846205cb8804cb437deaa007f642db6aac24a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe

Filesize
468KB

MD5
888fd18d8e593a6fef3c44810eedf71f

SHA1
6e31479f280564f28dcebed7f67666eb4d03a7cc

SHA256
c59959340109c709fd2d2247f2204a1561f95e67c007b3b110647883de5ea87c

SHA512
7b3531944bf13e8c73dd4e78135a28da9b701d6a9284dd3963515a22f94175462ac2c092045161ae446e2b23c33b4c6565da01b851968682c4ec9d37e0fb33d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe

Filesize
468KB

MD5
4b8974dad2fed29a4b086f6993055f9e

SHA1
af6e05c5e578ec6d8f0e6736f38081064acd0845

SHA256
41de5ed9f68e3e61fbd3796e2da4224a3f15671886d7ecc16d5952cbd2d7ec1c

SHA512
4d3ef06da814fe76d4bea7913bf630e471c2539b063ce118b4cde886cfa7ecf7bff24d06da93cbe05724029f559d1ed57aa83c9f64ebc6bb708be5ab4b5f8b7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe

Filesize
468KB

MD5
f9bf97a56a3288bf40afe20a0885f727

SHA1
3e89f484e8ac618fc8a06cc3bbd44065d57e0faf

SHA256
2d5aaec155f92adc9ce27072031bb369e05fb1bcfcb09e1319adeec179f04725

SHA512
d22250c68f2ef307fbfc6f879f1ea8d21d23414563add223cfe88db8e5466aad3607790f61e205c3a1ae7656c9344f86d5defe937b3312bac159618d47e5010a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe

Filesize
468KB

MD5
e95e502f1d313782bfc221ef934aa711

SHA1
e05e8409ab71e73400a6bc7813cc864c5de182bb

SHA256
7ad35ff687869b2a11dbc329d6b4216e7fca100a7d1b2e5751db1bc7c747c3d1

SHA512
fb666681774819f5c448c46821a3c9e5e3a2835b227b46ef8650472152f2c1ec5102c6fcc0c04a183734f65afde4d54770955e86f31222642bd9b725e404372c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe

Filesize
468KB

MD5
5e8ace4fb4be97615c4b2640c9bafcd4

SHA1
79929be813988bef7fc46b2c2bb905981083b927

SHA256
1dd4cb5a0f8c78ef2c41fae4423f959aac4db08456c81b597d4486778504824d

SHA512
df36d47dfb089579009163acea857af88352651f42b0bab4f3af617bb118eea05a0ab52ba66e3ed297216f7e3b592754794225f44b8a1a207d7d3f84376b2824

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe

Filesize
468KB

MD5
d761c1ac9eb2e8149e5baf4872d75dcd

SHA1
b8bef5ea4cc0cbd18b4a321233892848e3741c51

SHA256
40049311682df9ef88e7e9abf86b0dc589e5e455cde3d24c5e2ae3cc05996d5d

SHA512
15ef6ff2cce85a67b672151f84178dab3ec76e650409da39fcfdcc833fdc84f79e9b4d557be50f956bbdfa2070130f4b3abe87e05edaea729d108a726aeba0e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe

Filesize
468KB

MD5
f98ed3ac9391c445e991e2a1e237585c

SHA1
08221b63b8d36fc25ebadb608292e754731c4961

SHA256
99ab2cb8959c80b4f1ef5e683e1076a169be35175cb6a9040b560faa680109d9

SHA512
9c7733b990a92803272205a97f7b35879ba4c7ef3c4a195844bd106cc72bcfd3da04d43451533ef8cb182889dc0bc6cd3705b87564208cf2c0c1bb069325a3e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe

Filesize
468KB

MD5
e99e15513645825ec895b1d3c489e424

SHA1
816337eea6e74ad01432da112ccd4906725da9e5

SHA256
28cabb9e71687ad00e527dff92dd67e3bb3c8f2ac447ef7fae9de1296c02d43f

SHA512
c6fbd0a0e393827370de306d9a8f9e8fe0ced30d7c3e9432c5c0ad7e937bbafc409c810e6298a4ce9f6967e79c2af93377e8810f4b42051cb07e03b687f983dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe

Filesize
468KB

MD5
de7659343bc11cd41cea99b4d61f9839

SHA1
b41ceac27494901b67352afc215d60140085ca58

SHA256
a51f717da2625a48a263fabe04ec122642a123d732041f2542d7aec891d19aca

SHA512
686a61724600f8aabb8318bb4421a401a149e1d729469b0d5e8520265b03bb14271c52986b816fbff7130ce87b8f6079969c07dceb1d479144773a3113490b8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe

Filesize
468KB

MD5
376b7d682439203e9572cd6830f53be0

SHA1
2b2ca7cf2150e55dfdd3cb5be9c18272a5cd24ea

SHA256
3aaf5d379cbc0060724344fcb35c89f3682125b973483c77bf89c2886d6be5a8

SHA512
747213d7ae0c10aae96ad67bb6fd7688e1e199e6544b5bec38d510dec2c84a1d8e8bbe0b0f3f4c8c196fdb91bb4b9fed51b09cf1a26d3ed60c866e4bb117e3df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe

Filesize
468KB

MD5
bc8042aee8b4158f6d727bd11d5ce42c

SHA1
913c7d8b97b0c851f5f04f1f38a3d0d532f607ef

SHA256
67b3ff327b744e031b1695794a09d4c0526eaf7e960caead7c29462bc2b09d0e

SHA512
df05bd5270999e76e8728d9c3c1ed3bde756d0564120ab481d3f6bfcb071de0322dc9f40b1cc13151da834f458c9663f9491d6de653ddf74d1a9c71f634d5b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54851.exe

Filesize
468KB

MD5
aef8da5b62a69da2db27213b24540e69

SHA1
90d33d60b9fe81d0e13b08804e8179baceb685f9

SHA256
3798dafc4677f8d6ee7eda1a5993aeb7d67f498ef83724d7a536b911416bbb54

SHA512
fe81faa048c387ea00b229d5d449a4c706224eec745ff897a483699cca8c2d586b58a3044006e57bbd7881a41febfe29d24f041cc8ba155a4bb7a816128783ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe

Filesize
468KB

MD5
17edbae63e3c34eaecd6cb878b2db4ef

SHA1
d2f18a516ca30eeb9c4cd063379c1fcb63f7127a

SHA256
60d60057efd69b1e9b7fb90fba4a9a2c9b5a9c4e71e87cf2723da7d58b01dc47

SHA512
c08ce8add765ed8b5e08c065b80ba028649037aa4ed7eda765963b87c748992a0507faf83b281719a4a9670f17422d20c32d040aa7a6333f4897639fa7620eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe

Filesize
468KB

MD5
c1ba8a5f20edb8e180d713f1eee89801

SHA1
6ccde81bc2fde7ecdb7a97985a3fd0f1d46e3767

SHA256
b7a5786ab23ac7b2b6b55f0a65ba9d0cad26dbf2041e8f0e4c16925ef12ea176

SHA512
eea90bde9779d42ceaf632cb39826c419b7c05a17b66696ffcefd35c658f81099c39d220c4aa65f87bbecf15acba5be8727a7b7a1d10ab9d00ce7175179f4ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe

Filesize
468KB

MD5
bacf0c95a24ffa33ddc56b3e47bb374b

SHA1
f918df6393b57251ec7c21b74524d763cc4aaf2c

SHA256
d30c18a501f229d7290c6beaa3187f441dd5d20ba86d5d573977666af092df9f

SHA512
2074f63771cf1c754f68206d492258e61f6d9743807b07d3330dfd3096270e73a86fbe9350f2d0e53adea6f36d8118c9a723a775c0da606ae22781b1488ac394

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe

Filesize
468KB

MD5
078ad23ffcb8923d950638043613bee4

SHA1
3bbc070a80cc0c9a853ef18b5fe306c532a4d4fe

SHA256
1d4ff52faef298a9067c8ea271e45442e88c63562e591fbe6f303e29969d577f

SHA512
ffbe900338fe5da81de91e9b49d96dfcb0d01ad69000baa07d8441145f0b40bfe515300472b2f8c77de3d1b8f0adbc0bc7b70f9d4e917d845909350a79f63fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe

Filesize
468KB

MD5
893c5c1564ca67966c52ea76e9828d61

SHA1
97ca37df16132073d3bd462bb0f9023bd9df7581

SHA256
cc9a8dae78a1a94979b80b6aeb6dfdebc10def74ea157b28239e388ee6fc1517

SHA512
bf32b15cc7af388a8935da815ee4a71def24f738b87986c0e575767213481ee3816a8621bb70c87ba2dd9d457cce8be944b865eea96d8bb88ab7761eeb03ac88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe

Filesize
468KB

MD5
78d7b20f02ac7407eb4146e695ba97c9

SHA1
13211d61e479d56ccafac5a903666bd1103ff0c4

SHA256
6d76a3c2ccbafa137cc50a0344dff2379bc03848041c09fda852c63fc6b952c1

SHA512
82065d7ad4d9f1ce7e0508c4ed167a15f3340f98f29c35b5f93a2222b3018a7a334c7a65384e4e2f093d187202a37896bc80bf2ac1c6ae2d2316fba6be5e1cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe

Filesize
468KB

MD5
6e556f50ca834bc80465e51d9081885c

SHA1
7cbe81d308b3b6507c6e06b04f3abba4f3b53afa

SHA256
c70d92e53f91a358e36a415b6db3d337ea5807588e39433bd9dc80cf75336f9b

SHA512
50f655833dde7f5b9ff24882c7c4833e49492b2dfa69c19843f1824e83e2f88cdc145fab6c45fbf191421c51af946394636bacbed7be771dad1c377562187167

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe

Filesize
468KB

MD5
27d89157100f461ba6b91fcc3395ca57

SHA1
e5ece2c8dafe9d8dc9bca153793efc6df4fcf7d1

SHA256
cff2496a7451a69e481c99d1d861d45032da46e3a79f7904342b830a6efdd767

SHA512
ea83347ad932605c95c916d5f5ddc8771b79812d630ae3eae95b1b0cf2f948bf8d4218cb2b36765ce1b0a17611fa859f2b40275cc4512f5ec633afb272b0730d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe

Filesize
468KB

MD5
a01e73c0577e6642256b5cfe7b1f6070

SHA1
222505a85db3f85d7be6eeaa88c7b8835e29d36f

SHA256
939212be0f69257b05856fc52a2fe36e48f31b038462a6a6503669bdaacc9d36

SHA512
8505df2c06d5a74d45136fd2d7296648b1b3ac9f7d9bec037590378e67daaacfadf951ef604a5dc7d892be7970d9421c2f1168122d46940398cfc565b05fb5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe

Filesize
468KB

MD5
f9951000713a46be40f1f122f2da7d44

SHA1
5db4b798f3eb846f8338f65d3724fa2624525406

SHA256
e8093cef94cc7eeacbd913a3e8f894dbadbb9fd4725118a7e0c2dbd7ca307b69

SHA512
a9cee27dafe9c2edcb242f1de0abe56685e9a3a774ac19867d4b92b706595642cc27af01cb82a52e44dd22331a408fe4f4c98071db05f99ce2ad3dae3dbde43d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe

Filesize
468KB

MD5
b3cd894e46cd4d4cbb1c803cbd07d40a

SHA1
237d4fcd72c8c6ad1ddf411c4a06005dc99d070e

SHA256
659dd012f799aca41f7eb28175dad4d398223ef0de5d873d13439cb09bb55e34

SHA512
5435c588d3dc53eb4a14a77a9375e29fd145b9c0b5fa184d542eda7f4d803ec8768a5a9c4155066562e0321a3a80b914a1c8cea6061aeec72aa38664a7bf2fa4

Download Submit
memory/32-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/32-2418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/232-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/404-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/512-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/540-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/636-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/648-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/684-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/764-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/820-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/892-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1076-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1504-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1528-104-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1532-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1576-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1648-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-94-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1932-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1976-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2244-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2264-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2364-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2676-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2772-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2896-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2976-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3060-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3116-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3280-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3376-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3388-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3400-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3644-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3648-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3720-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3900-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3932-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3988-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4028-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4040-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4124-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4232-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4320-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4340-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4500-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4584-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4604-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4608-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4784-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4828-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4880-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4888-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5136-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5156-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5176-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5208-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5284-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5292-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5344-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5364-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5564-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5572-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5584-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5588-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5600-554-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5616-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5636-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5684-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5732-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5752-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5812-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5828-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5844-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5856-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5880-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5896-561-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5948-560-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6048-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6064-555-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6072-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6092-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17248-2416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads