dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7a

Analysis

max time kernel
119s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe
Size

468KB
MD5

752a5ba1ffa05d0f46e197dd437e10f0
SHA1

473df5608c6d9fa8f52624aace5e5fd05d911521
SHA256

dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7a
SHA512

2cd870a3f2aa3df1bf16c7dff48ad39e971d9127d595775a15235c941277332d354a63108c036ce5212d4a08a0d4fd962db5ceeaae34c37814584cd1d4269ce8
SSDEEP

3072:BqobogCdj08U2bYBPz59ff8/5CK3IXpInmHevVpGck03ukYNe2la:BqIoh5U2iP19ffP5SOck6LYNe

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2136	Unicorn-36349.exe
4676	Unicorn-39447.exe
4688	Unicorn-23665.exe
856	Unicorn-22125.exe
548	Unicorn-15994.exe
2888	Unicorn-42545.exe
3892	Unicorn-22679.exe
3220	Unicorn-7516.exe
4696	Unicorn-42881.exe
2408	Unicorn-23853.exe
4884	Unicorn-9197.exe
2868	Unicorn-44273.exe
3868	Unicorn-1294.exe
4028	Unicorn-64785.exe
2284	Unicorn-28491.exe
1208	Unicorn-2446.exe
696	Unicorn-6530.exe
1064	Unicorn-41241.exe
1520	Unicorn-13115.exe
4556	Unicorn-45233.exe
3348	Unicorn-47926.exe
2804	Unicorn-47947.exe
2300	Unicorn-47947.exe
824	Unicorn-28081.exe
3248	Unicorn-28081.exe
4748	Unicorn-47947.exe
3564	Unicorn-29564.exe
1096	Unicorn-35430.exe
2180	Unicorn-26764.exe
4240	Unicorn-47947.exe
3588	Unicorn-47947.exe
4388	Unicorn-23983.exe
1740	Unicorn-52571.exe
4744	Unicorn-24537.exe
3040	Unicorn-14252.exe
4952	Unicorn-61315.exe
3048	Unicorn-30589.exe
4920	Unicorn-53047.exe
216	Unicorn-26048.exe
1608	Unicorn-16775.exe
4948	Unicorn-993.exe
2728	Unicorn-47501.exe
5056	Unicorn-2384.exe
3380	Unicorn-22805.exe
1152	Unicorn-60308.exe
1280	Unicorn-60937.exe
2748	Unicorn-1423.exe
4968	Unicorn-61699.exe
3532	Unicorn-26889.exe
768	Unicorn-20758.exe
4424	Unicorn-20758.exe
4716	Unicorn-54086.exe
3536	Unicorn-54086.exe
968	Unicorn-54086.exe
3056	Unicorn-8149.exe
1992	Unicorn-26889.exe
1296	Unicorn-26889.exe
2948	Unicorn-26889.exe
2824	Unicorn-45263.exe
3108	Unicorn-54086.exe
1648	Unicorn-39425.exe
2052	Unicorn-27081.exe
1888	Unicorn-17543.exe
2892	Unicorn-24319.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
9888	5440	WerFault.exe	227
9428	3616	WerFault.exe	166
14000	14068	WerFault.exe	672

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20999.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16616	dwm.exe
Token: SeChangeNotifyPrivilege	16616	dwm.exe
Token: 33	16616	dwm.exe
Token: SeIncBasePriorityPrivilege	16616	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe
2136	Unicorn-36349.exe
4688	Unicorn-23665.exe
4676	Unicorn-39447.exe
548	Unicorn-15994.exe
856	Unicorn-22125.exe
2888	Unicorn-42545.exe
3892	Unicorn-22679.exe
3220	Unicorn-7516.exe
4696	Unicorn-42881.exe
2408	Unicorn-23853.exe
2868	Unicorn-44273.exe
3868	Unicorn-1294.exe
4028	Unicorn-64785.exe
4884	Unicorn-9197.exe
2284	Unicorn-28491.exe
1208	Unicorn-2446.exe
696	Unicorn-6530.exe
1064	Unicorn-41241.exe
1520	Unicorn-13115.exe
3348	Unicorn-47926.exe
4556	Unicorn-45233.exe
2300	Unicorn-47947.exe
4240	Unicorn-47947.exe
2180	Unicorn-26764.exe
824	Unicorn-28081.exe
4748	Unicorn-47947.exe
1096	Unicorn-35430.exe
3564	Unicorn-29564.exe
2804	Unicorn-47947.exe
3588	Unicorn-47947.exe
3248	Unicorn-28081.exe
4388	Unicorn-23983.exe
1740	Unicorn-52571.exe
4744	Unicorn-24537.exe
3040	Unicorn-14252.exe
4952	Unicorn-61315.exe
3048	Unicorn-30589.exe
4920	Unicorn-53047.exe
216	Unicorn-26048.exe
4948	Unicorn-993.exe
1608	Unicorn-16775.exe
5056	Unicorn-2384.exe
2728	Unicorn-47501.exe
3380	Unicorn-22805.exe
1152	Unicorn-60308.exe
4968	Unicorn-61699.exe
2748	Unicorn-1423.exe
3532	Unicorn-26889.exe
1280	Unicorn-60937.exe
4424	Unicorn-20758.exe
3108	Unicorn-54086.exe
3536	Unicorn-54086.exe
2948	Unicorn-26889.exe
768	Unicorn-20758.exe
2824	Unicorn-45263.exe
3056	Unicorn-8149.exe
1992	Unicorn-26889.exe
1296	Unicorn-26889.exe
4716	Unicorn-54086.exe
968	Unicorn-54086.exe
2052	Unicorn-27081.exe
1648	Unicorn-39425.exe
5064	Unicorn-48269.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2136	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	85
PID 2000 wrote to memory of 2136	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	85
PID 2000 wrote to memory of 2136	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	85
PID 2136 wrote to memory of 4676	2136	Unicorn-36349.exe	88
PID 2136 wrote to memory of 4676	2136	Unicorn-36349.exe	88
PID 2136 wrote to memory of 4676	2136	Unicorn-36349.exe	88
PID 2000 wrote to memory of 4688	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	89
PID 2000 wrote to memory of 4688	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	89
PID 2000 wrote to memory of 4688	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	89
PID 4688 wrote to memory of 856	4688	Unicorn-23665.exe	92
PID 4688 wrote to memory of 856	4688	Unicorn-23665.exe	92
PID 4688 wrote to memory of 856	4688	Unicorn-23665.exe	92
PID 2000 wrote to memory of 548	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	93
PID 2000 wrote to memory of 548	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	93
PID 2000 wrote to memory of 548	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	93
PID 4676 wrote to memory of 2888	4676	Unicorn-39447.exe	94
PID 4676 wrote to memory of 2888	4676	Unicorn-39447.exe	94
PID 4676 wrote to memory of 2888	4676	Unicorn-39447.exe	94
PID 2136 wrote to memory of 3892	2136	Unicorn-36349.exe	95
PID 2136 wrote to memory of 3892	2136	Unicorn-36349.exe	95
PID 2136 wrote to memory of 3892	2136	Unicorn-36349.exe	95
PID 856 wrote to memory of 3220	856	Unicorn-22125.exe	97
PID 856 wrote to memory of 3220	856	Unicorn-22125.exe	97
PID 856 wrote to memory of 3220	856	Unicorn-22125.exe	97
PID 4688 wrote to memory of 4696	4688	Unicorn-23665.exe	98
PID 4688 wrote to memory of 4696	4688	Unicorn-23665.exe	98
PID 4688 wrote to memory of 4696	4688	Unicorn-23665.exe	98
PID 548 wrote to memory of 2408	548	Unicorn-15994.exe	99
PID 548 wrote to memory of 2408	548	Unicorn-15994.exe	99
PID 548 wrote to memory of 2408	548	Unicorn-15994.exe	99
PID 2000 wrote to memory of 4884	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	100
PID 2000 wrote to memory of 4884	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	100
PID 2000 wrote to memory of 4884	2000	dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe	100
PID 2888 wrote to memory of 2868	2888	Unicorn-42545.exe	101
PID 2888 wrote to memory of 2868	2888	Unicorn-42545.exe	101
PID 2888 wrote to memory of 2868	2888	Unicorn-42545.exe	101
PID 4676 wrote to memory of 2284	4676	Unicorn-39447.exe	102
PID 4676 wrote to memory of 2284	4676	Unicorn-39447.exe	102
PID 4676 wrote to memory of 2284	4676	Unicorn-39447.exe	102
PID 3892 wrote to memory of 3868	3892	Unicorn-22679.exe	103
PID 3892 wrote to memory of 3868	3892	Unicorn-22679.exe	103
PID 3892 wrote to memory of 3868	3892	Unicorn-22679.exe	103
PID 2136 wrote to memory of 4028	2136	Unicorn-36349.exe	104
PID 2136 wrote to memory of 4028	2136	Unicorn-36349.exe	104
PID 2136 wrote to memory of 4028	2136	Unicorn-36349.exe	104
PID 3220 wrote to memory of 1208	3220	Unicorn-7516.exe	107
PID 3220 wrote to memory of 1208	3220	Unicorn-7516.exe	107
PID 3220 wrote to memory of 1208	3220	Unicorn-7516.exe	107
PID 4696 wrote to memory of 696	4696	Unicorn-42881.exe	108
PID 4696 wrote to memory of 696	4696	Unicorn-42881.exe	108
PID 4696 wrote to memory of 696	4696	Unicorn-42881.exe	108
PID 4688 wrote to memory of 1064	4688	Unicorn-23665.exe	109
PID 4688 wrote to memory of 1064	4688	Unicorn-23665.exe	109
PID 4688 wrote to memory of 1064	4688	Unicorn-23665.exe	109
PID 856 wrote to memory of 1520	856	Unicorn-22125.exe	110
PID 856 wrote to memory of 1520	856	Unicorn-22125.exe	110
PID 856 wrote to memory of 1520	856	Unicorn-22125.exe	110
PID 2408 wrote to memory of 4556	2408	Unicorn-23853.exe	111
PID 2408 wrote to memory of 4556	2408	Unicorn-23853.exe	111
PID 2408 wrote to memory of 4556	2408	Unicorn-23853.exe	111
PID 548 wrote to memory of 3348	548	Unicorn-15994.exe	112
PID 548 wrote to memory of 3348	548	Unicorn-15994.exe	112
PID 548 wrote to memory of 3348	548	Unicorn-15994.exe	112
PID 3868 wrote to memory of 2804	3868	Unicorn-1294.exe	113

C:\Users\Admin\AppData\Local\Temp\dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe
"C:\Users\Admin\AppData\Local\Temp\dd09b9fb2f03b8022addc8c4cb6048fef59108a854b46283f3ae761491830c7aN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        10⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        10⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        10⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
        9⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        9⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        9⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
        9⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        9⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
        8⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16901.exe
        8⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        8⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        9⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        9⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        9⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        8⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        8⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        8⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26674.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50493.exe
        8⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4999.exe
        7⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        8⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        9⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
        9⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
        9⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        8⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        8⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        8⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        8⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        8⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        8⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        7⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        7⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        7⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        6⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        9⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        9⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
        9⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14003.exe
        8⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        8⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        7⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        6⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        9⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
        9⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        8⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2497.exe
        8⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        7⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        7⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40359.exe
        7⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        7⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        6⤵
        
        PID:18044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        7⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        6⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7488.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
        6⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        5⤵
        
        PID:17776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        9⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
        9⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        9⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        8⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        8⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        8⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        8⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        8⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        7⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        7⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        6⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        7⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        6⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        6⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        8⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        8⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        8⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        8⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        7⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        7⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        7⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        6⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        7⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10499.exe
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        8⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        8⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        8⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
        7⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        7⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        7⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        6⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        7⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        7⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        7⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        6⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24728.exe
        5⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        5⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
        5⤵
        
        PID:15908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        7⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17897.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        7⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
        6⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        5⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
      4⤵
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
      4⤵
      PID:11620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
      4⤵
      PID:16000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22679.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        8⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18747.exe
        9⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        9⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        8⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        8⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30919.exe
        7⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        6⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        6⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44060.exe
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        9⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        9⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        8⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        7⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        7⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        7⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        7⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        6⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        8⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        8⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        7⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        6⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        8⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
        8⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        8⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        7⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        6⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        7⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        7⤵
        
        PID:17548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37156.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        6⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        6⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64200.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        7⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52195.exe
        7⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        6⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        6⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        7⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        6⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        6⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        5⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
        6⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        5⤵
        
        PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        5⤵
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        6⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45516.exe
        7⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
        7⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        6⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        6⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        5⤵
        
        PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        5⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        6⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        6⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        6⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        6⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        6⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        7⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        6⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        6⤵
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31111.exe
        5⤵
        
        PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        5⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        5⤵
        
        PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
      4⤵
      PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        5⤵
        
        PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
      4⤵
      PID:14068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14068 -s 476
        5⤵
        Program crash
        
        PID:14000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        5⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        7⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
        7⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        6⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        7⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        6⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33825.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        5⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        6⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
        7⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        6⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        5⤵
        
        PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        6⤵
        
        PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
      4⤵
      PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
      4⤵
      PID:15680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        6⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
      4⤵
      PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        5⤵
        
        PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
      4⤵
      PID:11424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
      4⤵
      PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
      4⤵
      PID:16320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
      4⤵
      PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
      4⤵
      PID:14164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
    3⤵
    PID:8832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23852.exe
    3⤵
    PID:13100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
    3⤵
    PID:15856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        9⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        10⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        10⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        9⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        9⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43932.exe
        8⤵
        
        PID:17756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        8⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        8⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exe
        8⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
        7⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        7⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        8⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        9⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        8⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15848.exe
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59495.exe
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        7⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        8⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        7⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        7⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        6⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        7⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        6⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26982.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
        6⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        7⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        7⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        6⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62692.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43478.exe
        5⤵
        
        PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        7⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
        5⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55729.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        6⤵
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        5⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
        7⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25004.exe
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7464.exe
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        6⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        7⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        6⤵
        
        PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        5⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        5⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        6⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        5⤵
        
        PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
      4⤵
      PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        5⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        5⤵
        
        PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
      4⤵
      PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        5⤵
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
      4⤵
      PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
      4⤵
      PID:16496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
        6⤵
        Executes dropped EXE
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
        9⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        9⤵
        
        PID:18240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        7⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        7⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        7⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        6⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        7⤵
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
        6⤵
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        5⤵
        Executes dropped EXE
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        8⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        7⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        6⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        6⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
        5⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        5⤵
        
        PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        7⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        7⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23437.exe
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        7⤵
        
        PID:18420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        6⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        5⤵
        
        PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
      4⤵
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        7⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        5⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        6⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        5⤵
        
        PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19183.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
        5⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        5⤵
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
      4⤵
      PID:13220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
      4⤵
      PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        5⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47462.exe
        7⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15748.exe
        6⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        6⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        6⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        5⤵
        
        PID:13916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
      4⤵
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        7⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        6⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        5⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        6⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        5⤵
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
        5⤵
        
        PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        5⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
      4⤵
      PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
      4⤵
      PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
      4⤵
      PID:16380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26048.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        6⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
        7⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        6⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        6⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        5⤵
        
        PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7464.exe
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
      4⤵
      PID:15352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
      4⤵
      PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
    3⤵
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        5⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        5⤵
        
        PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
      4⤵
      PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
      4⤵
      PID:16016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25491.exe
    3⤵
    PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
      4⤵
      PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
      4⤵
      PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
      4⤵
      PID:17500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30601.exe
    3⤵
    PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
      4⤵
      PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
    3⤵
    PID:14088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49982.exe
    3⤵
    PID:18088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        6⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        8⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        9⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        9⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        8⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        8⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        7⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        7⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48056.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        6⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        7⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        7⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27491.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        7⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        7⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
        6⤵
        
        PID:16812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
        5⤵
        
        PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36209.exe
        5⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        6⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        8⤵
        
        PID:18428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        7⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
        7⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        6⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7464.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        6⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
        7⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        6⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16330.exe
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42583.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        5⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
      4⤵
      PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
      4⤵
      PID:14740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
      4⤵
      PID:15656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
        8⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
        7⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        6⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        5⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        6⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        5⤵
        
        PID:16944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
      4⤵
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        7⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16835.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        6⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9056.exe
      4⤵
      PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
      4⤵
      PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        5⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
      4⤵
      PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
      4⤵
      PID:14040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
    3⤵
    PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
      4⤵
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
      4⤵
      PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
      4⤵
      PID:16492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
    3⤵
    PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
      4⤵
      PID:13956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
    3⤵
    PID:15876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        6⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
        5⤵
        
        PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10505.exe
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        5⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        6⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        5⤵
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
      4⤵
      PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        5⤵
        
        PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41410.exe
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
        5⤵
        
        PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41379.exe
      4⤵
      PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
      4⤵
      PID:17104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32540.exe
    3⤵
    PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
      4⤵
      PID:10712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
      4⤵
      PID:15060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
      4⤵
      PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
    3⤵
    PID:13976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
    3⤵
    PID:17200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
    3⤵
    PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
      4⤵
      PID:5440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 640
        5⤵
        Program crash
        
        PID:9888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 632
      4⤵
      Program crash
      PID:9428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
      4⤵
      PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
      4⤵
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
      4⤵
      PID:16344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
    3⤵
    PID:9244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
    3⤵
    PID:13856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
    3⤵
    PID:18208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
    3⤵
    PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
      4⤵
      PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
      4⤵
      PID:16880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
    3⤵
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
      4⤵
      PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        5⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
    3⤵
    PID:9548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
    3⤵
    PID:15332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
    3⤵
    PID:14148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
    3⤵
    PID:15324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
  2⤵
  PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
    3⤵
    PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
      4⤵
      PID:13896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
    3⤵
    PID:14452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
    3⤵
    PID:3060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
  2⤵
  PID:8432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
  2⤵
  PID:12316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
  2⤵
  PID:17040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5440 -ip 5440
1⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3616 -ip 3616
1⤵
PID:8552

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe

Filesize
468KB

MD5
f58702abcd423b11714b6b100585ddaa

SHA1
35f72637a9962eccfd8c689d7e4122db794bc888

SHA256
c960e35790ec31c1510f18a6d7ebe3be68f82f4f1736e071ce5c58b9daee1d02

SHA512
e3879c58f5588ff95a4b0557e1fad9e8b8b835b64c1c7951a6a84ea94771d873ef510d70285b13ae6b2f341fe46994a12122b59d2c4bdeb14ac30ab0fd399102

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe

Filesize
468KB

MD5
947b00c113e08cea558f5d781cd90cdf

SHA1
8275f143838e8eaae69cc4340af60837db91aae6

SHA256
c5ce2b0b4786a91d1b55eda2c4f712ca5773a89ebf735054fb16b1a759763239

SHA512
5fef6742ac856b88b08158fdf3a78a561b4b555867c34c13edaaa2bc182f87856b8050876749a81e4a56b923995fa9af0eebed7276fbd8d4466be2fc3b7d179f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe

Filesize
468KB

MD5
8ef209e75b426b0669d9abbda69ea93c

SHA1
d27ed8c0cc288f4c5dc379d7ecdebb3d7af013ca

SHA256
7dd788b74f84e19f02fb84c240a5ab06b0012e3f7de4c1c641c2e0765583cce1

SHA512
41c3f23f6e3231596452ebf11d2beefbc298493a03dcb3a98d8c344529b79a015bba1afd0cbc74c5f65dd1765585257a21702acbcee8cda8c74a8ac0bfb9fc57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe

Filesize
468KB

MD5
9c182aba08d23c015233d52474f2da80

SHA1
730fa0f51fb7155e7b644018ad752e727af65d19

SHA256
9038a2c4a830b993c3338ef01c450249cbfdbf3157dbcca8e3726ae732882c6f

SHA512
222a9460f9550e475ec2ed87011313ba6b7583cf10e965dfe20c0534599373cd3527f0219afd5d41073cd52756444e9620f07a9525791998f8b93e3c4cb9ccf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22679.exe

Filesize
468KB

MD5
408ad0a7ed13bdabac4f1ef777446fc8

SHA1
98c9c61f8e08f60271580f173bc10651bc99202b

SHA256
66b7feaed7ff910f9330de446d78417e33a5ad1a83a74f6a2e2659586ca2feb9

SHA512
2e62c2190200a21c27f29c6f1bbe1d7ec8e65ca49c56b22816889e078b1f5e4b0c8342d90fe1c29735d1a8165c1cbaf7a035ce496bf383c9b09b047aa6ae6b94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe

Filesize
468KB

MD5
843a5bd4755aa38bdbaf785a754fe2c4

SHA1
c4cfc3d1b41d873602decd5b436fa627c9bf363e

SHA256
56250f0e64b8ff5d19f0d855dc5f5d55452c12263f4cdec37f85bc3eecc0580d

SHA512
c98fa3b6ab03b51c6c801f00c31f0c546f3b08dca7603f069db1ddfe7801245941f58d45c5bf593ce6d06b95ca8cbf3a873f8915c37c219e4c858d4438ccc46b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe

Filesize
468KB

MD5
e8840694a4c9a04ff61e6badfc3b7c56

SHA1
7451e851f3c08e699f0e0f69bc00acef9330078a

SHA256
88cff149c9949f62a906a4a297965e6cb1f2c243be7c501e0cf22ca5b701ddcd

SHA512
ee746699a83247760c01e26d0e247423d1e958910d69ac5a42872e050494ce7c810876db26630a569c8b0872a217da0e326fdfcc0cec29aa639e133638f8be4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe

Filesize
468KB

MD5
3ffe311605f9721d370e6d9a8ecfc53c

SHA1
9536f3d86491dfec7d075f48e01a090c6aea62a6

SHA256
feb1b0cddd9d266722f1a9925574e73c3bb03339512811db5b388dec8d5067f9

SHA512
4fa47e40141fee23f4e55498b689f62971542c153e651d1b0956f96d03c46eba6a7ce7207d544f161427400cb86d4a51ac9c3fc6724004b2e3fb7d06e42cd9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe

Filesize
468KB

MD5
c8d5ff16d8a6bc0bc619a00650a0c218

SHA1
de745633cc46759e980b12773183132b4eedf322

SHA256
63ef168da1a492443daffff1d44d081b01a1d1818358842ddd6444f3fac6f70b

SHA512
01353867a11bb7c9c14cbafee008a6291486ff68559e772072bc8f81ad9ba67106d29a59ae62ff538cd27e527253c651bddd1e50915f354083bd47d47cf640f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe

Filesize
468KB

MD5
431bbb24a3dfe787ffb7c8a1c787b325

SHA1
247aff570517a8a4eee9ee9f751aafa1f389418c

SHA256
1beacdaa0852d3347b4c229ac16a3b1e033507963ad594e2d5f90d199b949cc9

SHA512
a47d1a24de86acb4aa93994af72a61cb59c57f1b34b01f0bde3cbe975753abec67b5ba7b33ab06d77cef783c46ae37aef4248fdff26bb022a6fd88c561d4e81f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe

Filesize
468KB

MD5
91f1a8bf4ffa6c18898b469710ceddf7

SHA1
67e58f6fb7865c6a8fea136ee4428ea39e02ef6e

SHA256
5b1a7055b7b0bc0c1bbae8b3f3572450ee21bee1f71f4baa586d9440367353ef

SHA512
77bed6e03f4721571a32e29570654eee30230acee80d1e1524df69c2434ac3f07f44002cbfe73d93ef27e440f2947a8d131fc943c29bfa825e482d333d96d82f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe

Filesize
468KB

MD5
2e139b78581fbed930d0e472bf5c26dc

SHA1
34c93a71fc9af75399666d344d81d97887e881d2

SHA256
9923f5f09bc6d6c97a5b0d1984c3445ae62008a2654cc6105ed182300534f33e

SHA512
bd8cef9ea6cedf3228dc6452a346d258940ffd49e851bba3c801f0ff321fe714bf26f667fa48ce25068080d5462c543df0f26ad03abeaa33164e38efc65e6d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe

Filesize
468KB

MD5
48674e6ca95386fda8c4395d723687bf

SHA1
9aa63fb6c037b613ccc963be15b69a2e09c15d0c

SHA256
373f0f5f741b4483d565a6c408cecc905a5d18f856684291a05dcba956ca93e2

SHA512
19f78148ee07e7bc5ffeda7ad25dd534dd6090def36a6aead2bbde2c47093650e4ad7b9abcff31544614656f875496f0a210f0ef24cc242577e45f39edad9839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe

Filesize
468KB

MD5
c4b97d5efc2019415b8e966eb3bc2df7

SHA1
a713bc5856b48edf08d6ce22d449f761cf51ee9b

SHA256
d48d3a01aa0968e5052a13dcd78db7dc1dca70bd9450d3c48919f08e1b4a5b4f

SHA512
ee56913bc7a1643dd70fb8bbe24d491a9f20a997220792d361ac43c459bfd3990bb0e107e75a72211d22ef2ec5850b4b2de87a741ef56822eab6757d26b8f2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe

Filesize
468KB

MD5
32c01e437acdc89d0c313e738135f867

SHA1
ab9551e4e585db7c3d2531961c601f90cd39bb45

SHA256
8c184b84e78e900dfa5118c393d1fbfe75e5018729b6bef4634b0de55f9d73e2

SHA512
65825a8fa308f174fd3af12bf1489871425346ef7cfa14aac9dad42d073e19068295b49b1742d40f3fe5154f2ead3aab8b17e0ef9290c0c86f486ce989e549e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe

Filesize
468KB

MD5
0c5786f62e51103f4959b17ce76a18cf

SHA1
1e9ed412991a536a508d71519f50d6b4ff27be96

SHA256
4698e662f14444930249b1690a3a95a60f9aef1cd9a069a9a248b71bf4fe4f66

SHA512
8e09f1f9bcfb7f936ea497291a5acc32fc48d86777a6ebb0b9b5ae8155fdfdb66e3a1fd5c8a1550e1120aec9ea2d3492b917add458a869988f046103de9d1eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe

Filesize
468KB

MD5
dfea57ff6db3e35bd60db2619934e1fa

SHA1
9bb38bd04dadb81bd84b5f5c76bd64a3de69e918

SHA256
3ae476fac53c8a9c96150fe51fb52c2c19db2eb20798fc1e39d5c6f9bb04544a

SHA512
4bf6e7bef2806b5498d36e657de54fef3b344ca7e1289b294463aef526fefdd4892ed74c6ab7e0fec495d0b970d94e8cf21fd48ae6959c75c84815703d04db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe

Filesize
468KB

MD5
7d4b3f2b9d8b20e732273f942b299bba

SHA1
0370559920d3a26ee4ab2b163bd04f8edfbf7732

SHA256
86984cec630877641cda597a736abf249b6a01f5778200ba7d8f0b7ee019ff64

SHA512
4237163fa79fb3b8f8c501029ad4ff36b733a875ea9eed25b82f44ace0c61d3eebc9a65a792b9838f8e926566a38e9225caf9aa6e37015d9785a93cd5e4dcac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe

Filesize
468KB

MD5
7f622316aef99315f3026096ded7c2e6

SHA1
0eeab846362739ed31fefce03cf6ec8150116efa

SHA256
70dd293041ad35bd470ceb067ed7d1e4b14a6269b0af80a358ce223bc52d3e80

SHA512
3b9fcc7f847bfc79cdee94d370f87e0c4bb6a7a0c2f861e30109d959a22d6fda535c4458305023091eea42a41478539a1542e994bb3f9480756b73dd907e3a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe

Filesize
468KB

MD5
8af3199bb99a120b6ed8c6808c3413cd

SHA1
bc35aa42967bb1dbfbcf9b02af613d7750fa1347

SHA256
3b39f8585d8dd92241e71a9feacdd3ea33dea7a05b168be06133ca929e96a9aa

SHA512
bddcd66d8a6c76f87c25a4f74529fa6ef8976075acabf089da22adfa7cf4e2ea0e0943c2569009dd5726eb783553c6a2fe9b18baa7a3ff587bf087ff347d0852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe

Filesize
468KB

MD5
696d0082cb015575bf0871e3f14af86a

SHA1
032f0a69506ea5c4fc029b4d840b6ee4f2d788f4

SHA256
6b111b811f1c1bcd54a4c41aec668622aa1829b069d1d25c228dffb1337af8c6

SHA512
ad4f530b21103304f03ea919012edef35fc048ad6a505149199d1c1df2d6aa9b1f824a77a84096323004b0c983e0a59ca8cb8e0fb1fa7cb2fb058c478cb4c608

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe

Filesize
468KB

MD5
db1c615e6ddb2f0a248f77bb12972960

SHA1
cf8880af5cb0eea32b61167384977acf26196953

SHA256
4aa52d548beab00b188ce9843a33e9aa22004ab461e2a60c2bbee73af939046c

SHA512
2fec6d9730fbccf5db4552c430dc0b6ecd6147b02de44f2428e72de74842dc9125458cef245bcb242d48377d211217a4717f5b79dd1943faa1fc8f53771b16d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe

Filesize
468KB

MD5
9a205ccebdee4c1d6df56c61857978e3

SHA1
878a3089d043407bdb3aa13593c1137e7ddfbfbc

SHA256
637b8b71d2e0d351b5ec540d4f2f136550e461c964710c582a3f3e0a1cf92aee

SHA512
c31e90860d4bc30e6b8066bcafa22837398fd53305917ddb9eced4a24b3dc92efd951af266c086f0488ce1f1ed037366b93f735169e6895b2d4f67c7d47911eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe

Filesize
468KB

MD5
ee4e1fe1225b239e6eab0188ddf83bb6

SHA1
0c30440fbf6b49d86ff3956aecc1fe6ae1ac8efc

SHA256
8933ef6b6bf6a0c0af5822cdf4269e44cc15f3e0ce3a6dba8879744f1728ea31

SHA512
a3dac21db14b1082175afd458989ad7d4104a73a9a3fbef6e8a802ee885aca2aa8ae607829b170fff7084d700aec02e10dde62b20e80674fbd4a5940e1888576

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe

Filesize
468KB

MD5
98d34d63a0a84e1433b60bf9d987ef9f

SHA1
c4eaca8e14071d71d22bc14623cce3b79eb15605

SHA256
6b091c30ed42587160c1c0b2218297662ed85f096a2317c079b415fe2d2895e5

SHA512
9d0b036f4d882a096c73e688ee2a88d2df9f191fbc99ab1d73eda99af47cb24c101e758936b88465d622313e49eceae7177d3ece7bb82416a390315438cd0928

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe

Filesize
468KB

MD5
a7b02141a07c5cace2496de70ce155e7

SHA1
847a70a502fa312576af8d4b6f233a0185da2c7d

SHA256
9beade4b15e4650d35c2c1f005643ef8bf62d9b3f6168a8da30392220069c1d3

SHA512
f46268336d26fee43f3a91607f127d66ed6d73708eee1da54509ca9a83b2df62adb9cfb543c719f0b77ddef7081a02f0e43ae5a7bb2302abbf8199ef8b26dc74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe

Filesize
468KB

MD5
5701f0e05a6beb26cfcb27090df2c416

SHA1
d84c25156f9554408a6fc359379be8996561addb

SHA256
fbe1f9b0d5c5f9853faa7dff98d26a50a0e90e0e64b24a4c8bb6223189b51dec

SHA512
368c094a49f8749ba58bb6889b958ac0d9ae104ec375cacf2a71d34252cf6b0c6b27fd536ba641ad85c1a3fbea9c200d208c7d4240254e10c5b15175eeed2f56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe

Filesize
468KB

MD5
d2b1da937e8744e46901a876ba4b2351

SHA1
c0720249ec561a23b5b7e6c9a1e8e949bbae8a80

SHA256
f38811c39ab711ea9b62d3f622c3a47decc9d42f98715c498fb3d378938d81b3

SHA512
6491fad3ae5d6660322b0cc55cd492d4ee7c3bd3dc95c3838d940eb99b9d27dea4c01572868b6b592de32f293b0c30ef68af710c27f63ab8bd231fd6945356cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe

Filesize
468KB

MD5
5a9b0985d1fbe1f75ec8bf6bdd5e4807

SHA1
2d8e5eaa43d5e2a95bf203304a4ff18c13a1ba89

SHA256
6af3dbd9455cea5dfecd1fb1550acb49b88e708bcc5e51717967995085956306

SHA512
56f23c3c60386a7ac4fd0fe7e7df580792c4d106b800cd425adc74e5518b4e54e6e85bfd58692ae5d3ef74120d78e32a4cf48cd907e570a74e10a1489ddc8821

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe

Filesize
468KB

MD5
cb431553904ed7e6d08f337fbc9ad79b

SHA1
df8c3c852df51f0cac4e4830ec35560526a317c0

SHA256
4c9155275d347f0e72aaaa457f1df8b203212e7e6f7ebaa0a9e1d8221e084f93

SHA512
ff00b5cc33f72e1dcd3f4f6be05f7efb933c604dd48c800d1137727ed87d78941fcbad691822c56e0873dcade4d57058bb3839aceeda2589b6fef34e81f7fd76

Download Submit
memory/216-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/548-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/696-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/824-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/856-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1096-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1152-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1208-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1256-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1280-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1520-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1608-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1612-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1648-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1716-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1740-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1888-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1992-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2000-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2000-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2052-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2136-2496-0x0000000075510000-0x00000000755C9000-memory.dmp

Filesize
740KB

Download
memory/2136-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2284-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2408-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2424-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2640-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2728-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2748-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2868-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2888-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2968-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3040-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3056-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3164-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3220-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3248-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3348-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3380-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3396-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3532-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3536-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3564-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3616-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3840-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3892-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4028-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4152-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4248-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4304-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4388-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4424-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4556-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4688-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4696-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4744-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4920-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4952-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4968-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5064-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5128-463-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5272-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5292-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5312-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5360-504-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5428-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5448-520-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5480-554-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5488-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5520-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5532-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5572-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5584-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5612-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5680-564-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5700-575-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13720-2597-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14148-2942-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14264-2881-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14784-2604-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15144-2412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15316-2662-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads