3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2

Analysis

max time kernel
120s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 21:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe
Size

468KB
MD5

0edb1751eb219be8eb2baac5e4cab1b0
SHA1

707c89a1a3ef589776230cee38e446fbfaf8a9d1
SHA256

3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2
SHA512

49b483aadbd39da23cf62f69072641ed46b4cc9d7e132dcb941882a4ea3331199f92928bcc9540296ef394e2cb776d3120b6b650fa4108b0cd28c5b86392cd7f
SSDEEP

3072:W1N/ogLdap8Un+/SPz5FafwcfhzWI8JnmHY0V3Fy2uaibFN4wlM:W11o96UnBP1FafGxxiy2dwFN4

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4464	Unicorn-16785.exe
3920	Unicorn-36411.exe
4468	Unicorn-43187.exe
4688	Unicorn-31341.exe
908	Unicorn-42187.exe
3436	Unicorn-22321.exe
3032	Unicorn-5330.exe
692	Unicorn-8336.exe
5072	Unicorn-45840.exe
2832	Unicorn-168.exe
512	Unicorn-63659.exe
1932	Unicorn-22727.exe
2660	Unicorn-57537.exe
3936	Unicorn-61356.exe
4656	Unicorn-41755.exe
4844	Unicorn-16287.exe
1752	Unicorn-22871.exe
2184	Unicorn-44683.exe
4600	Unicorn-15332.exe
3220	Unicorn-34377.exe
2324	Unicorn-38461.exe
3160	Unicorn-56935.exe
4056	Unicorn-10427.exe
1384	Unicorn-46721.exe
4812	Unicorn-26209.exe
2976	Unicorn-42637.exe
4540	Unicorn-61019.exe
3740	Unicorn-52586.exe
3288	Unicorn-32985.exe
3376	Unicorn-32985.exe
1936	Unicorn-11024.exe
1740	Unicorn-60780.exe
1180	Unicorn-15108.exe
2004	Unicorn-15200.exe
4880	Unicorn-35529.exe
3912	Unicorn-42305.exe
4504	Unicorn-7495.exe
1464	Unicorn-62171.exe
4496	Unicorn-33197.exe
5052	Unicorn-39997.exe
1760	Unicorn-65248.exe
4164	Unicorn-11984.exe
1416	Unicorn-64507.exe
876	Unicorn-26375.exe
244	Unicorn-57101.exe
436	Unicorn-65269.exe
3944	Unicorn-9581.exe
2972	Unicorn-48741.exe
3408	Unicorn-30358.exe
4576	Unicorn-36489.exe
2416	Unicorn-50879.exe
4416	Unicorn-54963.exe
4584	Unicorn-20707.exe
2336	Unicorn-14485.exe
3536	Unicorn-50879.exe
4092	Unicorn-14022.exe
536	Unicorn-54963.exe
2408	Unicorn-34086.exe
4900	Unicorn-5662.exe
4088	Unicorn-48933.exe
2532	Unicorn-31205.exe
4512	Unicorn-16837.exe
1780	Unicorn-35311.exe
1688	Unicorn-4584.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
12044	6580	WerFault.exe	276

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63977.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16032	dwm.exe
Token: SeChangeNotifyPrivilege	16032	dwm.exe
Token: 33	16032	dwm.exe
Token: SeIncBasePriorityPrivilege	16032	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe
4464	Unicorn-16785.exe
3920	Unicorn-36411.exe
4468	Unicorn-43187.exe
4688	Unicorn-31341.exe
3436	Unicorn-22321.exe
3032	Unicorn-5330.exe
908	Unicorn-42187.exe
692	Unicorn-8336.exe
2832	Unicorn-168.exe
1932	Unicorn-22727.exe
3936	Unicorn-61356.exe
2660	Unicorn-57537.exe
4656	Unicorn-41755.exe
512	Unicorn-63659.exe
5072	Unicorn-45840.exe
4844	Unicorn-16287.exe
1752	Unicorn-22871.exe
2184	Unicorn-44683.exe
4600	Unicorn-15332.exe
3220	Unicorn-34377.exe
3288	Unicorn-32985.exe
3160	Unicorn-56935.exe
2976	Unicorn-42637.exe
3740	Unicorn-52586.exe
4540	Unicorn-61019.exe
2324	Unicorn-38461.exe
1384	Unicorn-46721.exe
4056	Unicorn-10427.exe
4812	Unicorn-26209.exe
3376	Unicorn-32985.exe
1936	Unicorn-11024.exe
1740	Unicorn-60780.exe
2004	Unicorn-15200.exe
1180	Unicorn-15108.exe
4880	Unicorn-35529.exe
3912	Unicorn-42305.exe
4504	Unicorn-7495.exe
1464	Unicorn-62171.exe
4496	Unicorn-33197.exe
5052	Unicorn-39997.exe
4164	Unicorn-11984.exe
1760	Unicorn-65248.exe
1416	Unicorn-64507.exe
876	Unicorn-26375.exe
244	Unicorn-57101.exe
3944	Unicorn-9581.exe
2972	Unicorn-48741.exe
436	Unicorn-65269.exe
2416	Unicorn-50879.exe
3408	Unicorn-30358.exe
4416	Unicorn-54963.exe
4576	Unicorn-36489.exe
4584	Unicorn-20707.exe
2336	Unicorn-14485.exe
4092	Unicorn-14022.exe
4900	Unicorn-5662.exe
536	Unicorn-54963.exe
3536	Unicorn-50879.exe
2408	Unicorn-34086.exe
4088	Unicorn-48933.exe
2532	Unicorn-31205.exe
4512	Unicorn-16837.exe
1688	Unicorn-4584.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 408 wrote to memory of 4464	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	82
PID 408 wrote to memory of 4464	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	82
PID 408 wrote to memory of 4464	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	82
PID 4464 wrote to memory of 3920	4464	Unicorn-16785.exe	83
PID 4464 wrote to memory of 3920	4464	Unicorn-16785.exe	83
PID 4464 wrote to memory of 3920	4464	Unicorn-16785.exe	83
PID 408 wrote to memory of 4468	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	84
PID 408 wrote to memory of 4468	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	84
PID 408 wrote to memory of 4468	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	84
PID 3920 wrote to memory of 4688	3920	Unicorn-36411.exe	85
PID 3920 wrote to memory of 4688	3920	Unicorn-36411.exe	85
PID 3920 wrote to memory of 4688	3920	Unicorn-36411.exe	85
PID 4468 wrote to memory of 908	4468	Unicorn-43187.exe	87
PID 4468 wrote to memory of 908	4468	Unicorn-43187.exe	87
PID 4468 wrote to memory of 908	4468	Unicorn-43187.exe	87
PID 4464 wrote to memory of 3436	4464	Unicorn-16785.exe	86
PID 4464 wrote to memory of 3436	4464	Unicorn-16785.exe	86
PID 4464 wrote to memory of 3436	4464	Unicorn-16785.exe	86
PID 408 wrote to memory of 3032	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	88
PID 408 wrote to memory of 3032	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	88
PID 408 wrote to memory of 3032	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	88
PID 4688 wrote to memory of 692	4688	Unicorn-31341.exe	89
PID 4688 wrote to memory of 692	4688	Unicorn-31341.exe	89
PID 4688 wrote to memory of 692	4688	Unicorn-31341.exe	89
PID 3920 wrote to memory of 5072	3920	Unicorn-36411.exe	90
PID 3920 wrote to memory of 5072	3920	Unicorn-36411.exe	90
PID 3920 wrote to memory of 5072	3920	Unicorn-36411.exe	90
PID 3436 wrote to memory of 2832	3436	Unicorn-22321.exe	91
PID 3436 wrote to memory of 2832	3436	Unicorn-22321.exe	91
PID 3436 wrote to memory of 2832	3436	Unicorn-22321.exe	91
PID 4464 wrote to memory of 512	4464	Unicorn-16785.exe	92
PID 4464 wrote to memory of 512	4464	Unicorn-16785.exe	92
PID 4464 wrote to memory of 512	4464	Unicorn-16785.exe	92
PID 908 wrote to memory of 1932	908	Unicorn-42187.exe	93
PID 908 wrote to memory of 1932	908	Unicorn-42187.exe	93
PID 908 wrote to memory of 1932	908	Unicorn-42187.exe	93
PID 3032 wrote to memory of 2660	3032	Unicorn-5330.exe	94
PID 3032 wrote to memory of 2660	3032	Unicorn-5330.exe	94
PID 3032 wrote to memory of 2660	3032	Unicorn-5330.exe	94
PID 408 wrote to memory of 3936	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	95
PID 408 wrote to memory of 3936	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	95
PID 408 wrote to memory of 3936	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	95
PID 4468 wrote to memory of 4656	4468	Unicorn-43187.exe	96
PID 4468 wrote to memory of 4656	4468	Unicorn-43187.exe	96
PID 4468 wrote to memory of 4656	4468	Unicorn-43187.exe	96
PID 692 wrote to memory of 4844	692	Unicorn-8336.exe	99
PID 692 wrote to memory of 4844	692	Unicorn-8336.exe	99
PID 692 wrote to memory of 4844	692	Unicorn-8336.exe	99
PID 4688 wrote to memory of 1752	4688	Unicorn-31341.exe	100
PID 4688 wrote to memory of 1752	4688	Unicorn-31341.exe	100
PID 4688 wrote to memory of 1752	4688	Unicorn-31341.exe	100
PID 3936 wrote to memory of 2184	3936	Unicorn-61356.exe	101
PID 3936 wrote to memory of 2184	3936	Unicorn-61356.exe	101
PID 3936 wrote to memory of 2184	3936	Unicorn-61356.exe	101
PID 408 wrote to memory of 4600	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	102
PID 408 wrote to memory of 4600	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	102
PID 408 wrote to memory of 4600	408	3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe	102
PID 2832 wrote to memory of 3220	2832	Unicorn-168.exe	103
PID 2832 wrote to memory of 3220	2832	Unicorn-168.exe	103
PID 2832 wrote to memory of 3220	2832	Unicorn-168.exe	103
PID 4656 wrote to memory of 2324	4656	Unicorn-41755.exe	104
PID 4656 wrote to memory of 2324	4656	Unicorn-41755.exe	104
PID 4656 wrote to memory of 2324	4656	Unicorn-41755.exe	104
PID 2660 wrote to memory of 3160	2660	Unicorn-57537.exe	105

C:\Users\Admin\AppData\Local\Temp\3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe
"C:\Users\Admin\AppData\Local\Temp\3bd450cb27d6119cc1440440bf9f7741c3af2d9f06235986df4ab559821847f2N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        10⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46785.exe
        11⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        11⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        11⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        10⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        10⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
        10⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        10⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
        10⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        9⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        9⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        9⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        9⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
        9⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
        9⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
        8⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        10⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        10⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        10⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        10⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        9⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        9⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        9⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
        9⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10312.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        8⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        8⤵
        
        PID:18372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2476.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        7⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        10⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        10⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
        10⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        9⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        9⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        9⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        9⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        8⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        8⤵
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
        8⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        8⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33088.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        7⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        9⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        9⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        8⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        8⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        7⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47620.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
        8⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        7⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        7⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        7⤵
        Executes dropped EXE
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59130.exe
        8⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        9⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
        9⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        8⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        8⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        9⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        9⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        8⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        8⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        7⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        9⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        9⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        9⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        8⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        8⤵
        
        PID:17732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        8⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        8⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
        7⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        6⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        8⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        7⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
        7⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        7⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
        7⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
        6⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42627.exe
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        9⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        9⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        9⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        8⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        8⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10861.exe
        8⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        8⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        8⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        7⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        7⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        7⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        7⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        7⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        6⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
        6⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        5⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        7⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        6⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59893.exe
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        7⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
        6⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        5⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        5⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        5⤵
        
        PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        6⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        8⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        8⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        7⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        7⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        7⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41537.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24227.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        7⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        7⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        6⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        5⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        7⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        6⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55980.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        5⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51589.exe
        5⤵
        
        PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        8⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        8⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        7⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        7⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        7⤵
        
        PID:18380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        6⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49948.exe
        7⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        7⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        7⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        6⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        6⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29747.exe
        5⤵
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
        5⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        5⤵
        
        PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62301.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        6⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        5⤵
        
        PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
      4⤵
      PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
      4⤵
      PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        9⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        9⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        8⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
        8⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        8⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        9⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        9⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
        9⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26316.exe
        9⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2337.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
        6⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        8⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        8⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-582.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        7⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
        7⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        7⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
        6⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
        8⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22625.exe
        8⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19930.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        6⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        6⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        5⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26376.exe
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
        6⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
        5⤵
        
        PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        6⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        8⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        8⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        7⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
        7⤵
        
        PID:16608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19767.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        7⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        6⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4117.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        7⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        7⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16908.exe
        6⤵
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        5⤵
        
        PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        7⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
        6⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        5⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        6⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        5⤵
        
        PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
      4⤵
      PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
      4⤵
      PID:15196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        9⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1951.exe
        9⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        8⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        8⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37059.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5276.exe
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        7⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        6⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
        6⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        7⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        6⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
        6⤵
        
        PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
        5⤵
        
        PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60931.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42623.exe
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
        7⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        6⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        6⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        5⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        5⤵
        
        PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        6⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43180.exe
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        5⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
      4⤵
      PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        5⤵
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56424.exe
        5⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        5⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        5⤵
        
        PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
      4⤵
      PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
        5⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        7⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        6⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        6⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60495.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        6⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54835.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33804.exe
        5⤵
        
        PID:16516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
        5⤵
        
        PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
      4⤵
      PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
      4⤵
      PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        5⤵
        
        PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
      4⤵
      PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
      4⤵
      PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49471.exe
    3⤵
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        5⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
        5⤵
        
        PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
      4⤵
      PID:17280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
    3⤵
    PID:7244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
    3⤵
    PID:11008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
    3⤵
    PID:15004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
    3⤵
    PID:17440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        9⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        9⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        9⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        8⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        8⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        8⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        7⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        7⤵
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        7⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
        6⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        6⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20022.exe
        5⤵
        
        PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
        6⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        8⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        8⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        7⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        6⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
        6⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
        5⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        5⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        5⤵
        
        PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        7⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        6⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
        5⤵
        
        PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        5⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        6⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        5⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        5⤵
        
        PID:18316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30409.exe
        5⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        5⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
      4⤵
      PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
      4⤵
      PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        7⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 644
        8⤵
        Program crash
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        7⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        6⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        7⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63187.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        7⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        6⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
        5⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        5⤵
        
        PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        5⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        5⤵
        
        PID:16432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
      4⤵
      PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
      4⤵
      PID:16388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        5⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
        8⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        7⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5276.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        6⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        6⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        6⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        5⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
        5⤵
        
        PID:620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
      4⤵
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        6⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        5⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        5⤵
        
        PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
      4⤵
      PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        5⤵
        
        PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
      4⤵
      PID:18236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
      4⤵
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60638.exe
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        5⤵
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
        5⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        5⤵
        
        PID:7640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
      4⤵
      PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42226.exe
      4⤵
      PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
      4⤵
      PID:16400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
    3⤵
    PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
      4⤵
      PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
      4⤵
      PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
    3⤵
    PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
      4⤵
      PID:16868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
    3⤵
    PID:10952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
    3⤵
    PID:14984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
    3⤵
    PID:7056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        8⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
        8⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        7⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        6⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        7⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
        7⤵
        
        PID:16548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        6⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50173.exe
        5⤵
        
        PID:16952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20707.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        6⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        6⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        5⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        5⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        5⤵
        
        PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        6⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        6⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55159.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
      4⤵
      PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
      4⤵
      PID:7576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        5⤵
        
        PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
      4⤵
      PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
      4⤵
      PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
      4⤵
      PID:7600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
    3⤵
    PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
      4⤵
      PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        5⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        5⤵
        
        PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
      4⤵
      PID:11320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
      4⤵
      PID:15896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22722.exe
    3⤵
    PID:7180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
    3⤵
    PID:12228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
    3⤵
    PID:17552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
    3⤵
    PID:5448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        5⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        7⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-224.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        6⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        6⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        6⤵
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        5⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
      4⤵
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        6⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        5⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
      4⤵
      PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
      4⤵
      PID:6796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
      4⤵
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        6⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58282.exe
        5⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
        5⤵
        
        PID:16804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        5⤵
        
        PID:18280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        5⤵
        
        PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
      4⤵
      PID:12676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
      4⤵
      PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
    3⤵
    PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        5⤵
        
        PID:17168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
      4⤵
      PID:11924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
      4⤵
      PID:16076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
      4⤵
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
      4⤵
      PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
      4⤵
      PID:10288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
    3⤵
    PID:8716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32811.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
    3⤵
    PID:16960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1979.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28425.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
        6⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6576.exe
        6⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        5⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        5⤵
        
        PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
      4⤵
      PID:9732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
      4⤵
      PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
      4⤵
      PID:17320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
    3⤵
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        6⤵
        
        PID:17556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        5⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
        5⤵
        
        PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
      4⤵
      PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33329.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
      4⤵
      PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
    3⤵
    PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
      4⤵
      PID:8000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
      4⤵
      PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
    3⤵
    PID:8980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
    3⤵
    PID:13092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11509.exe
    3⤵
    PID:17764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
    3⤵
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        5⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
      4⤵
      PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
      4⤵
      PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
      4⤵
      PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
    3⤵
    PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
      4⤵
      PID:10012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55490.exe
      4⤵
      PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
      4⤵
      PID:4608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
    3⤵
    PID:9968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
    3⤵
    PID:13568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
    3⤵
    PID:5552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
  2⤵
  PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
    3⤵
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
      4⤵
      PID:10616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
      4⤵
      PID:16880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
    3⤵
    PID:8364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
    3⤵
    PID:13808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
    3⤵
    PID:16380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
  2⤵
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
    3⤵
    PID:12300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
    3⤵
    PID:4520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
  2⤵
  PID:1440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
  2⤵
  PID:15116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
  2⤵
  PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6580 -ip 6580
1⤵
PID:11504

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16032

C:\Windows\system32\WerFault.exe
"C:\Windows\system32\WerFault.exe" -k -l WATCHDOG WATCHDOG-20240927-2142.dmp
1⤵
PID:8908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe

Filesize
468KB

MD5
fc7ad4583d305794339d783f71c5aeee

SHA1
24f5e591f94b641a48c0d560e199202e29fcd51b

SHA256
b5f1a5223f19090a39f2864940a31d45d70fa94666a55cdc0d67e7c6f91dfcf5

SHA512
4a6e7f5d8f0d76f6540e1bd159b5f73a2cbfa03837b1b729d1f9b63309bce125687964d7c562b43f63d9e34fda1d21bbb794e555178dca61d2beaf0c551a8c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe

Filesize
468KB

MD5
2310b7abd2aff77c06ea2070ef7c0cf4

SHA1
97e4d15f773a0d501aa3c6e179ec0744ae6f5760

SHA256
fd20d0060537d2d7e8d7bb0d94e0e9d8f3c0229c3ad43cbc3451703ac8e1440d

SHA512
5fecc357be6dadb6ec511ab8aabca778bb952c9a0be899620a002d4eec358ffbe26b401e3641dabda758a2fcb53c5feabbc0985da84e6b8961cbebd48293113f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe

Filesize
468KB

MD5
7e1d54fc992f0cc6cff083c264ff8f65

SHA1
bb2a5f443bc5fbf810f617f3612acbb277140f5b

SHA256
53227e00d09003968a3cfd2f906f702f787b7b2bec988210db7c8beca361ae2f

SHA512
b2e4b72b0a45c58dd7cef62c139ab84c6503bf496bb90ee3ef8b942ff4c939510316c50a4598f3194b3583d0708794e477e02f5f8b8b01ecdf7d42d6ac828890

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe

Filesize
468KB

MD5
b451f747d40f90eede997d6d266e3780

SHA1
fbefe9401271e2de57718d8ddb849459c5a449f1

SHA256
51caaf80dadabb798bad1f255312ba2627deb5c6ae7309390f9e980892b6b6de

SHA512
7736ea54350dff6fb4f8b840bdfe1adcbf207f1113b7023fca37031417919f011d91810d726f665d8b76ef4e40a5e60381a403819acbb6791196f08b7ae2f94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe

Filesize
468KB

MD5
b4124bd7b951adec805f42ca694bbc9f

SHA1
e49db7f2b4f6b8f75b6dabce8440fe1c20b3b58f

SHA256
033f57591ff79c7d5dde544ec86c4552d22a3c6c7983000a3e2094fa114ca4ea

SHA512
9c9f8e5585f8a68466d83a21fd7c0f511af92c1594751fe1881846ed732b25f060480b10f91f415ae62b21b554fc8d95959b7e7887a5aba239148595f72201bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe

Filesize
468KB

MD5
d7b6db4d773afe830d355668820e1b05

SHA1
c5a6570abd079cc3e7dcc3483ad604226d77b925

SHA256
68ccb869fe33bcc7ee4e6141bd64d157d14cb99a35b597a4c96b6fb6522a10bc

SHA512
3c7a3e473590c83533ade42abfa53c1012a417aa8c8d25e76ff1becc479d4038cd711af938c1177f78faed1aa038e5345f74ed0197e9bbff6b6edfc669660fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe

Filesize
468KB

MD5
91e6d7d49a10fd719fb550bb8d30f815

SHA1
c74829824191f589f05444ec5d64677cbd442d5b

SHA256
013e4b5be0dc5f884cb8d383021faa8f309fe41f95527e21c5a8135444bbc5db

SHA512
11d2d35c6f33346446a5503ed1741f9e8630f9c3ad403497afd4d0a92d19a9267a4b13189474039d14ac37bd3eccc8e9bda1e32a26899a1646a1018b279f86d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe

Filesize
468KB

MD5
4a63969610dc0acb35762b3852aba543

SHA1
93a3671d9a4b077f7ce40971037a530f25ae891c

SHA256
8a8af22f9be80066787d1fff9d4da5490c12ca2d9e55dbeb2f7ba202ff2854d6

SHA512
03b548bcdbe3d34dc8a960367f6a94c9eeed4d489e799d727e05b9d0575e68ad02b12b7625fb4b714dedced4b8137a6164a92edd1192ae382cb073afd9bec0b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe

Filesize
468KB

MD5
a973dc0db70fa55e5ad30dba40587df1

SHA1
b07f8fc2923b9f7fc8f9161cae319aa24546db4a

SHA256
713b64f7d7a6e70e11cb5ca53d877d9de621e320e969f7f6f0699a51a4ffa9d8

SHA512
02b2ecd8658af185c75f8cba4fb1c487434d00af20f8b1d587d5987cc30555289803e8cea32edc3089b74e855eac67cf1713142b915bbac98ef2b3165a209564

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26209.exe

Filesize
468KB

MD5
4b3a27c1e01eee03642921b7b69ff93d

SHA1
33eff95dda7cbe082bba83122f7a808c926a9ab2

SHA256
7f85daef6724fc2cd296778f71ed9e2976b00e2b4cd3c360a798766c06096aab

SHA512
d2acd8590470d8da5f52077faf1ab5f2d327a70ebf9c59729e87052d802df9f84469de5e79b548e367b8a80d2eda37dac0d063c0754214fc0bc617e22393fc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe

Filesize
468KB

MD5
d0916ec0e28e16f155fdfc7e2893ad35

SHA1
507b2f44b8dd5673e413e6d8ce1340fc06813abf

SHA256
e809ac43cc222f94cd6f111cde5cffd53728853ba784f317a84c4e9fbd0b0297

SHA512
08c1315276ead81a180f9d944f4daa2adb8dcc768d7ab303cc2aa0c48079eec4fac901ad6497ccb29f6248ffa3c4f4a268fd4d65897b32968611976b67d7be07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe

Filesize
468KB

MD5
3eae6a49ed188c2d041df82b28bf5cc4

SHA1
e8f04a9a9920ae987c81f26a80d9608f259ac6ce

SHA256
4e4a20864db744b8c849bc37cae1320f8a1189546f5a406087264d66295c9005

SHA512
ac1aebec123dd062394050ceb50d171397b671420527f488acddeb35de3acc5ca5adaf79893da5ebcd18ced7422fd78e98c7e2da3ac85ed344f91067f3a8745e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe

Filesize
468KB

MD5
94dae7a8ac78a350f171c60be0530971

SHA1
04fdc55ee64dab6885b84c54b506b558f20727d3

SHA256
2a1322327fb614cf109067ab4fd533653f4d581670dbc49c08855f98ee9a2369

SHA512
abf576fc588852cba25cbf9040cc0f46461902cc282bc5dfe76734c0ecad98db181f7d97d31a838981bdd033e3f7ed968dfa9a51528620758330217bf0a92aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe

Filesize
468KB

MD5
d9165ee27c948a6271647ac9a0578cb2

SHA1
0e030cac786ad34afaddda9f8e2012f663eb4b8c

SHA256
0b23bb1042cd99f19adfbdf28386094c2885849eae76e1c6b18e649a8bbf3356

SHA512
1e7a09cfc7ff718c1614b20b24aada079a2415b7548e43760ddd49474a7ad457dfaaec72fe4180130a9ac69349532b9e2c229be0168aa9e53739ee0d3fb5ad1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe

Filesize
468KB

MD5
bcff6b9f4420561326498d963d74674f

SHA1
afcf9af6f41d0530b971a4e753ac17631ffd0456

SHA256
ff1344e25cbb9de5af1bd4fb67100e8fd88b8b68b4f5d3b8974a573ddbc78c97

SHA512
a4ba43c74b450a99f4d0d293759a23ba9e9317272b8f5aa0fddf757638349e60216943cde5e575f3e7c2aa904f3d69fd0dc014bfafc7be7e16e07fa35c9bd489

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe

Filesize
468KB

MD5
cbf63923f11799cbb84e6da98328feab

SHA1
95c8042ae3ab698b0e788b555ee87a38983747e6

SHA256
ec41b2b0778cf8ab5f5615c72e776581763b0029958d4dc142b1e8b6345a10d3

SHA512
0f19a40144a69bf3176a228398ae50368aac7ff29ddf9973f4f0b9717c2f8517adccb625e103c2707d7d34e8d5fcaf5f6266d229c37218c4765e72b158be5dfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe

Filesize
468KB

MD5
534ab61a2a7ee80e047cab726ac05d30

SHA1
2230a91a1453d26a2bdf6d341cb3cd1646de0481

SHA256
f5cda5816140bd6a122b057b6bbd0ab1bb8a6f0a4a69b034967aa67c799064f1

SHA512
a92265fdeffd225614f2f5f5ca90233e882ff3e746e9bd04069aee065e368e010e67b686d9a563816167014073e6c29b9ef67248ae48d4d0d1f2fd516b93e5aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe

Filesize
468KB

MD5
cb66dc31c0c501f6f65a17709e9943b5

SHA1
bdda4e95e2cf973e994c724e21d680be6304490a

SHA256
938f681ce8b8766b52a5cb306f48084207cdb46668d73ff1a3ee8025b8ba998a

SHA512
865eab0b36e028b59b1e61db826e282da3903c236acabb19b0674dd97bc2fa99050eb4ea127436b6c677e7a95cdb41b6deec779945e32b9578b7ddc14a4d3713

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe

Filesize
468KB

MD5
17aeed7c9cd4f2d5d267bd58c9e83c6f

SHA1
0524691345c16d32c76bb1ab6098046d7f977729

SHA256
81723d0c4170d2288316094bd548f6099b4d5db145c53d20d42696f8962cec30

SHA512
684b76cebd8f14a9b3decfc86bf4083ebc84be2cd769bb2f6df67d7c95f360c465761ecef88136319d1d243cdb140e85b28fe577399abaed6ba6f5b9d1c02095

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe

Filesize
468KB

MD5
6bc85504dc7e56e18cab03638c8c7b0a

SHA1
276e9c91165caa9bdba9982185e1ccd95870e2ad

SHA256
90c52c1c4f9df175ed5e75cb35637bb9231a39f02db76bc6243d926dfb37157b

SHA512
5dd6be20eaefea7a39ae5f5e40273b0320cba0d8eb9093d7672d692234ee71f4be9e16ffeb62a77dbb7548190250ee09776ec4855a74b9088db4e55a92cb483b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe

Filesize
468KB

MD5
0c2007f2122f6c805ee9c06b3dc4cf1e

SHA1
6c222ce39c9f5e16902d69a46e557a40492675a9

SHA256
964fcad459e20546ddcf1a8a4fd9706b759d67d34c82bb2166e0769765925a0c

SHA512
47912ddcbff29a743eb06166500ccbe6008df78276393d4bd61891b23c7ae58e5fa284626d0d239f0ee811a715ef35e42efabb8c4e76ed14f5ff4173afdfb7d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe

Filesize
468KB

MD5
74394e13b11fc405ba0431bd12d198a9

SHA1
a14665c49fafc95beb659969151f60328f8a59e5

SHA256
cc85d195e1f478ae24292a3ee5f2ed6b17b91fe9803091848842d821894f5b60

SHA512
49d0796b7f8dfb25b6de11e0ff354c8c86a9ccb7b693ef7990b1fbb7e1762a3bc552d4d3f028debf8e6fd5956129044e419251772f5d2b5803f1f289ffe3b9d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe

Filesize
468KB

MD5
ed22fe81b039e54d8487613a98cf22c5

SHA1
e928026399153d6da8af464d132aed7fbd4ea760

SHA256
df0af57a8113ab999e48275a353aa4c48cc72cc96ca2a7764d99f0d0652f1d9b

SHA512
a193b3c4eaffc9d62b16415af3a135c0a944d804ee8a15753cd83731ac76908f94577150ad9fdd24754c5acb19b7533141a98a5b20d180b410f6ffd702fd9ba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe

Filesize
468KB

MD5
e968d00676a8682422896f1c301b1e3e

SHA1
eddcb46c931f79b7a85c865f9105b82e0efc8f22

SHA256
71914a10be039bd6444f63630dc3210e5f5ea2323c481060126012706c205586

SHA512
d03772f16bb4db38ff3dd38cc9af14732c5d4f7fafb389cf3c7488d97dd9e5920e955c65908a2b252d958b0a6e124285ced7dfcfe11eccaf40334fba78762026

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe

Filesize
468KB

MD5
d4fdcdbe69fbefbd69aae87b9a24fd6a

SHA1
e12350d979237df6a3e23f8006c3e2706b4cb033

SHA256
663b5264cb247055812a3898af34da0e848ca1bf6ac0a9ec70d8985a5f8f29f6

SHA512
af47289ade2d06fe7ec5269b7a985e4faf07a9e172b4a862360585a48ede6229a8053553607b7d331d2097b0d68304ec7c38edf08aa7b475d264868e31a9b955

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe

Filesize
468KB

MD5
2804509e0abd2d5fd8cbb75a5c541aa2

SHA1
8e23db1e5e87901c6ce7d3139bd13aced304d6d5

SHA256
dbfbb775222e1668b1a6da69b088172a201caca75611cee5314a991f9890db69

SHA512
ff8aa63ee0b2fb69292beeafad062d908ba97ed171558c5b1d0a13940f70057c4e2df6be8080f5a2ed4feabb71ecc181fa51d2436a15ce2b5c63d5af9e542af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe

Filesize
468KB

MD5
033ab4fa7699c6e214bd653c73a3a111

SHA1
a3ea803c832ea8eeadf28fe0bdd3ef41fa8722bd

SHA256
a41b8df793c44dc0c5fa3515a288f17b562cdc59d1f181532de296d9e3edc6d4

SHA512
1fb5dacb82eb031f9f1d6f2d7f161d1338915fbd272c72a66c1e444df971eb78702a0fe70bd4cae19a96534d650ef65482e0b3ea29a951314ff30169d37a7df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe

Filesize
468KB

MD5
c6b58f7cb73251f492f2f5707413f2f9

SHA1
705ba322af579210fd4234769f20473b2e686f5b

SHA256
8a818a9350b1b0c59a63e7391ab827820e39ba6591a48a2e4252f764957cfb78

SHA512
5bae3de492e2cba95a08c6e149e7c71e57c22864d7822ebfd62fbf8361e4d83d6015dbf62c5449cb9e64e03d28d74276ca9b767177a0155599c6e6d2a2922862

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe

Filesize
468KB

MD5
5577eb86f7e0bc89fd2512c01b45bbc7

SHA1
7672f422649b3a9d961797161cebebc0fb0c5508

SHA256
6d8778cbdcad69e1e75e8c11e7226a390bba5622bd25d8b95b49c8a8ac8afa00

SHA512
6006dccebbee689ebfb633876f07f377dafc43ff7d01ed8dd0fb5c4eeeee345b45ba3518bc2da13c44337ecb5bc9b60950ac4f080366bb547c029351d58c0f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe

Filesize
468KB

MD5
b1c627971a182f542ef0cb203d6def49

SHA1
9f986d3cca4dad99cf1f257e0163176f827abc7e

SHA256
313d1dd4698002c6dc9071ec715ab85de35b9a874a5ec7bbfb4cdd04c426d67f

SHA512
796ac2bbc15c5ecde6cc2bdf5d4af6044e2161a3f1866616c076e766580adb2903d118aab4694ede9bf823fb03da355209274a314360bf235b70da32cd357dc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe

Filesize
468KB

MD5
48743d5b903dbadab36fdd0d8b9a8de5

SHA1
f4c198bf88695a33f16572fc16ec9d5d65ea7bcc

SHA256
9e32066e6166f0e1ff246e1c47b98c2deee13b8c23ba5580afcce5981dd946a9

SHA512
fac6d8e75b5a7513506cc62291d3564d51e19815423ca2fdafabcc6ed3b7f02561b4fcfc61cc27907617b82fad1ef48ea8bef383873f221b568bd201b0a9aefc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe

Filesize
468KB

MD5
8acfdaf2961f8434d4b85f24923846cc

SHA1
1bfd2990317f159044ff803ca48ce994089d3072

SHA256
ac34ecd96e57ea8cced9fa648fe0a8cf8bc4582e079599f4ac37e9f1a8acc651

SHA512
51e99f6f205f33d4b2a1c7640d4c0ddea6ba75af3e4fe167a3ac92fc9b1cd37fc003cbe28e42c0f7afc9c66224e474787c4ab98f3486833246965a8b2f32e461

Download Submit
memory/244-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/408-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/436-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/464-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/512-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/692-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/756-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/876-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/908-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1180-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1384-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1416-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1464-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1576-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1740-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1752-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1760-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1932-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2004-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2008-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-623-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2148-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2184-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-618-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2324-156-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2324-2580-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2336-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2368-620-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2408-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2660-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2832-70-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2972-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2976-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3032-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3160-2581-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3160-157-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3220-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3288-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3376-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3408-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3436-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3536-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3604-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3668-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3748-463-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3912-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3920-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3944-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4056-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4088-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4092-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4104-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4164-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4412-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4416-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4432-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4464-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4496-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4504-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4512-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4528-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4540-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4576-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4584-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4656-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4688-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4812-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4844-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4876-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4880-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4900-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4944-592-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5052-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5100-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5132-588-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5144-621-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5160-589-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5168-517-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5228-590-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5324-631-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5336-616-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5352-615-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/9780-3882-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15456-2451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15552-2439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17292-3542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/18280-3802-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads