328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28ae

Analysis

max time kernel
120s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe
Size

468KB
MD5

5a1d354d03b22b6b9538994424ad63c0
SHA1

4f160c6f133c436b07a6dbee4cbe918237ffecef
SHA256

328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28ae
SHA512

335eb8049ff8c80057b995d038422a05c80276690bf84ac07d7cdff54b7e8239fd075503cb45dc1305c02d749f614196cd2a7cd193311287a730b1e5b8900dc6
SSDEEP

3072:lGAoogHIId5KtbY7Pztjcf8/GCtvJ3pnrjHeLV7OKe78x+BP5plk:lGboSbKtUPJjcfCZucKeoYBP5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2776	Unicorn-3800.exe
3496	Unicorn-52015.exe
2852	Unicorn-32149.exe
2280	Unicorn-14848.exe
3052	Unicorn-14848.exe
4788	Unicorn-25054.exe
2944	Unicorn-11319.exe
1908	Unicorn-19857.exe
2072	Unicorn-19857.exe
3484	Unicorn-58751.exe
3228	Unicorn-31844.exe
1604	Unicorn-62835.exe
3548	Unicorn-30062.exe
2952	Unicorn-38885.exe
4816	Unicorn-57857.exe
1236	Unicorn-39867.exe
4664	Unicorn-48035.exe
1324	Unicorn-17309.exe
4740	Unicorn-47770.exe
2416	Unicorn-25477.exe
4176	Unicorn-5611.exe
1516	Unicorn-20630.exe
3432	Unicorn-27514.exe
4676	Unicorn-29561.exe
1796	Unicorn-13779.exe
1580	Unicorn-26031.exe
1656	Unicorn-30115.exe
3800	Unicorn-45897.exe
4452	Unicorn-54833.exe
1380	Unicorn-63504.exe
2460	Unicorn-29321.exe
2676	Unicorn-39435.exe
1308	Unicorn-12622.exe
4796	Unicorn-5009.exe
5000	Unicorn-37895.exe
3608	Unicorn-17374.exe
4472	Unicorn-31673.exe
4404	Unicorn-31673.exe
1780	Unicorn-35757.exe
4896	Unicorn-43925.exe
3952	Unicorn-50047.exe
536	Unicorn-56177.exe
5048	Unicorn-21367.exe
3268	Unicorn-5585.exe
3144	Unicorn-30711.exe
464	Unicorn-5585.exe
3540	Unicorn-33619.exe
916	Unicorn-15144.exe
4956	Unicorn-45871.exe
244	Unicorn-15144.exe
4408	Unicorn-17182.exe
4800	Unicorn-17182.exe
1920	Unicorn-38257.exe
5028	Unicorn-60816.exe
4612	Unicorn-57858.exe
4380	Unicorn-49193.exe
2964	Unicorn-1330.exe
3852	Unicorn-4652.exe
3840	Unicorn-44309.exe
4092	Unicorn-59254.exe
1068	Unicorn-42071.exe
512	Unicorn-5222.exe
1688	Unicorn-57037.exe
4332	Unicorn-63167.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
11376	6248	WerFault.exe	279

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34990.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4448	dwm.exe
Token: SeChangeNotifyPrivilege	4448	dwm.exe
Token: 33	4448	dwm.exe
Token: SeIncBasePriorityPrivilege	4448	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe
2776	Unicorn-3800.exe
2852	Unicorn-32149.exe
3496	Unicorn-52015.exe
2280	Unicorn-14848.exe
3052	Unicorn-14848.exe
2944	Unicorn-11319.exe
4788	Unicorn-25054.exe
2072	Unicorn-19857.exe
3484	Unicorn-58751.exe
3228	Unicorn-31844.exe
1604	Unicorn-62835.exe
3548	Unicorn-30062.exe
2952	Unicorn-38885.exe
1908	Unicorn-19857.exe
4816	Unicorn-57857.exe
1236	Unicorn-39867.exe
4664	Unicorn-48035.exe
1324	Unicorn-17309.exe
2416	Unicorn-25477.exe
4740	Unicorn-47770.exe
3432	Unicorn-27514.exe
1516	Unicorn-20630.exe
4176	Unicorn-5611.exe
1796	Unicorn-13779.exe
3800	Unicorn-45897.exe
1656	Unicorn-30115.exe
1580	Unicorn-26031.exe
4452	Unicorn-54833.exe
1380	Unicorn-63504.exe
2460	Unicorn-29321.exe
2676	Unicorn-39435.exe
1308	Unicorn-12622.exe
4796	Unicorn-5009.exe
5000	Unicorn-37895.exe
3608	Unicorn-17374.exe
1780	Unicorn-35757.exe
4404	Unicorn-31673.exe
4472	Unicorn-31673.exe
4896	Unicorn-43925.exe
5048	Unicorn-21367.exe
3952	Unicorn-50047.exe
464	Unicorn-5585.exe
916	Unicorn-15144.exe
4956	Unicorn-45871.exe
3540	Unicorn-33619.exe
3268	Unicorn-5585.exe
244	Unicorn-15144.exe
3144	Unicorn-30711.exe
536	Unicorn-56177.exe
4800	Unicorn-17182.exe
5028	Unicorn-60816.exe
4380	Unicorn-49193.exe
4408	Unicorn-17182.exe
4612	Unicorn-57858.exe
1920	Unicorn-38257.exe
2964	Unicorn-1330.exe
4092	Unicorn-59254.exe
1068	Unicorn-42071.exe
3852	Unicorn-4652.exe
4332	Unicorn-63167.exe
512	Unicorn-5222.exe
1688	Unicorn-57037.exe
3840	Unicorn-44309.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 2776	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	82
PID 868 wrote to memory of 2776	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	82
PID 868 wrote to memory of 2776	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	82
PID 2776 wrote to memory of 3496	2776	Unicorn-3800.exe	83
PID 2776 wrote to memory of 3496	2776	Unicorn-3800.exe	83
PID 2776 wrote to memory of 3496	2776	Unicorn-3800.exe	83
PID 868 wrote to memory of 2852	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	84
PID 868 wrote to memory of 2852	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	84
PID 868 wrote to memory of 2852	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	84
PID 3496 wrote to memory of 2280	3496	Unicorn-52015.exe	86
PID 3496 wrote to memory of 2280	3496	Unicorn-52015.exe	86
PID 3496 wrote to memory of 2280	3496	Unicorn-52015.exe	86
PID 2852 wrote to memory of 3052	2852	Unicorn-32149.exe	85
PID 2852 wrote to memory of 3052	2852	Unicorn-32149.exe	85
PID 2852 wrote to memory of 3052	2852	Unicorn-32149.exe	85
PID 868 wrote to memory of 4788	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	87
PID 868 wrote to memory of 4788	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	87
PID 868 wrote to memory of 4788	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	87
PID 2776 wrote to memory of 2944	2776	Unicorn-3800.exe	88
PID 2776 wrote to memory of 2944	2776	Unicorn-3800.exe	88
PID 2776 wrote to memory of 2944	2776	Unicorn-3800.exe	88
PID 2280 wrote to memory of 1908	2280	Unicorn-14848.exe	90
PID 2280 wrote to memory of 1908	2280	Unicorn-14848.exe	90
PID 2280 wrote to memory of 1908	2280	Unicorn-14848.exe	90
PID 3052 wrote to memory of 2072	3052	Unicorn-14848.exe	89
PID 3052 wrote to memory of 2072	3052	Unicorn-14848.exe	89
PID 3052 wrote to memory of 2072	3052	Unicorn-14848.exe	89
PID 4788 wrote to memory of 3484	4788	Unicorn-25054.exe	91
PID 4788 wrote to memory of 3484	4788	Unicorn-25054.exe	91
PID 4788 wrote to memory of 3484	4788	Unicorn-25054.exe	91
PID 868 wrote to memory of 3228	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	92
PID 868 wrote to memory of 3228	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	92
PID 868 wrote to memory of 3228	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	92
PID 2944 wrote to memory of 1604	2944	Unicorn-11319.exe	94
PID 2944 wrote to memory of 1604	2944	Unicorn-11319.exe	94
PID 2944 wrote to memory of 1604	2944	Unicorn-11319.exe	94
PID 3496 wrote to memory of 2952	3496	Unicorn-52015.exe	93
PID 3496 wrote to memory of 2952	3496	Unicorn-52015.exe	93
PID 3496 wrote to memory of 2952	3496	Unicorn-52015.exe	93
PID 2776 wrote to memory of 3548	2776	Unicorn-3800.exe	95
PID 2776 wrote to memory of 3548	2776	Unicorn-3800.exe	95
PID 2776 wrote to memory of 3548	2776	Unicorn-3800.exe	95
PID 2852 wrote to memory of 4816	2852	Unicorn-32149.exe	100
PID 2852 wrote to memory of 4816	2852	Unicorn-32149.exe	100
PID 2852 wrote to memory of 4816	2852	Unicorn-32149.exe	100
PID 3548 wrote to memory of 1236	3548	Unicorn-30062.exe	101
PID 3548 wrote to memory of 1236	3548	Unicorn-30062.exe	101
PID 3548 wrote to memory of 1236	3548	Unicorn-30062.exe	101
PID 3228 wrote to memory of 4664	3228	Unicorn-31844.exe	104
PID 3228 wrote to memory of 4664	3228	Unicorn-31844.exe	104
PID 3228 wrote to memory of 4664	3228	Unicorn-31844.exe	104
PID 2072 wrote to memory of 1324	2072	Unicorn-19857.exe	102
PID 2072 wrote to memory of 1324	2072	Unicorn-19857.exe	102
PID 2072 wrote to memory of 1324	2072	Unicorn-19857.exe	102
PID 2776 wrote to memory of 4740	2776	Unicorn-3800.exe	103
PID 2776 wrote to memory of 4740	2776	Unicorn-3800.exe	103
PID 2776 wrote to memory of 4740	2776	Unicorn-3800.exe	103
PID 2952 wrote to memory of 2416	2952	Unicorn-38885.exe	105
PID 2952 wrote to memory of 2416	2952	Unicorn-38885.exe	105
PID 2952 wrote to memory of 2416	2952	Unicorn-38885.exe	105
PID 868 wrote to memory of 1516	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	107
PID 868 wrote to memory of 1516	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	107
PID 868 wrote to memory of 1516	868	328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe	107
PID 3052 wrote to memory of 4176	3052	Unicorn-14848.exe	106

C:\Users\Admin\AppData\Local\Temp\328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe
"C:\Users\Admin\AppData\Local\Temp\328f469389fc15cbecf3531f02b05ec6dffa3f84273936f1c5d259b790cc28aeN.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        10⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        10⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
        9⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        10⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        9⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        9⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        9⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        9⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        8⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20319.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        9⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
        10⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        10⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        9⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        9⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        8⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        8⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        8⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        8⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        9⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        9⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        8⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
        7⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
        7⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        8⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        7⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        7⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        6⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        9⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        9⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        9⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39129.exe
        8⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        8⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        8⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
        7⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        6⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        8⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        8⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        7⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        7⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49063.exe
        7⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        6⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
        6⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        7⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
        7⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        6⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        6⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        5⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        7⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        6⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        9⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        9⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        8⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        8⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
        8⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        8⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        6⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64039.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
        8⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        8⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        6⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        8⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        8⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        8⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        7⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        7⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        6⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        7⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        6⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        6⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        7⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        7⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        7⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        6⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        6⤵
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        7⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        6⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        5⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        6⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
        5⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        7⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        7⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        6⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        5⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31959.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        5⤵
        
        PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        5⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        5⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        5⤵
        
        PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
      4⤵
      PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        5⤵
        Executes dropped EXE
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        9⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        9⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        8⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        8⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        8⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        7⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        8⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        8⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        7⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        6⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7464.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        8⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        7⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        7⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        6⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
        6⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
        5⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        5⤵
        
        PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        6⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        8⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        8⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        7⤵
        
        PID:13444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56618.exe
        6⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        7⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        6⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        6⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        6⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        5⤵
        
        PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        6⤵
        
        PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        5⤵
        
        PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12010.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        6⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        5⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        5⤵
        
        PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
      4⤵
      PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        5⤵
        
        PID:15612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
      4⤵
      PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        8⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51818.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27802.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        7⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        7⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
        5⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        8⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        7⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        7⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        7⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        6⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
        6⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        6⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
        5⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        8⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
        8⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        8⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        7⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
        7⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        6⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        6⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13660.exe
        6⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        7⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13909.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        6⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        5⤵
        
        PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
      4⤵
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        7⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        6⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        5⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        6⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        5⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        5⤵
        
        PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5442.exe
        5⤵
        
        PID:616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
      4⤵
      PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
      4⤵
      PID:612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        7⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        6⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        6⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61211.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        5⤵
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        5⤵
        
        PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
      4⤵
      PID:11508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
      4⤵
      PID:5188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        5⤵
        
        PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40281.exe
      4⤵
      PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
      4⤵
      PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
      4⤵
      PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
      4⤵
      PID:6732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
    3⤵
    PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        5⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
      4⤵
      PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
      4⤵
      PID:14896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
    3⤵
    PID:7564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
    3⤵
    PID:10476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
    3⤵
    PID:15596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32149.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        7⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3304.exe
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
        6⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        6⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26187.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28604.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        6⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15492.exe
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        7⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16263.exe
        6⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63850.exe
        6⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        9⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        8⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        8⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
        7⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        7⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        7⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        7⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        7⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        6⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27579.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        7⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        7⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        6⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        6⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 720
        7⤵
        Program crash
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        6⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
        5⤵
        
        PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        5⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        8⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        7⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        6⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
        7⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21039.exe
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        6⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39539.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        6⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
      4⤵
      PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        6⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        5⤵
        
        PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28731.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        5⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        5⤵
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53784.exe
      4⤵
      PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        6⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        7⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        7⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
        6⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20179.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        7⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
        7⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        6⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        7⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        6⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36681.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        6⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21500.exe
        5⤵
        
        PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64039.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        6⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45326.exe
        5⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        6⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        5⤵
        
        PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        6⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
      4⤵
      PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        5⤵
        
        PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
      4⤵
      PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
      4⤵
      PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
      4⤵
      PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1787.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        5⤵
        
        PID:15852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
      4⤵
      PID:12656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23743.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        5⤵
        
        PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
      4⤵
      PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
      4⤵
      PID:13096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
    3⤵
    PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
      4⤵
      PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
      4⤵
      PID:8136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
    3⤵
    PID:7620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
    3⤵
    PID:11388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23369.exe
    3⤵
    PID:15560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48689.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        8⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        7⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        6⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        6⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20261.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        6⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        5⤵
        
        PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        7⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        6⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        6⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
        5⤵
        
        PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        6⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        5⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        5⤵
        
        PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
      4⤵
      PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
      4⤵
      PID:7464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        5⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        6⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        6⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
      4⤵
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        5⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        5⤵
        
        PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
      4⤵
      PID:1948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17182.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
      4⤵
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        6⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        5⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6674.exe
      4⤵
      PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
      4⤵
      PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
      4⤵
      PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
    3⤵
    PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
    3⤵
    PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
    3⤵
    PID:12200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
    3⤵
    PID:5160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
        5⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        8⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46283.exe
        7⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        6⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        6⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        5⤵
        
        PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
      4⤵
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
        6⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
        5⤵
        
        PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        5⤵
        
        PID:16140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
      4⤵
      PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
      4⤵
      PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
      4⤵
      PID:7336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
      4⤵
      PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
      4⤵
      PID:5960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
      4⤵
      PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        5⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
      4⤵
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
      4⤵
      PID:16104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
    3⤵
    PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
      4⤵
      PID:11452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
      4⤵
      PID:4524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
    3⤵
    PID:10276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
    3⤵
    PID:4676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      4⤵
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26131.exe
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32513.exe
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        6⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
        5⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        5⤵
        
        PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48719.exe
      4⤵
      PID:7160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
    3⤵
    PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7926.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        5⤵
        
        PID:13560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
      4⤵
      PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
      4⤵
      PID:15256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
    3⤵
    PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
      4⤵
      PID:13244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
    3⤵
    PID:11260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
    3⤵
    PID:5300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
    3⤵
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47703.exe
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        5⤵
        
        PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
      4⤵
      PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
      4⤵
      PID:14044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
    3⤵
    PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
      4⤵
      PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
    3⤵
    PID:12212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
    3⤵
    PID:4852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
  2⤵
  PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
    3⤵
    PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
      4⤵
      PID:15100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
    3⤵
    PID:8832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
    3⤵
    PID:13484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
  2⤵
  PID:6932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1424.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
    3⤵
    PID:5316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
  2⤵
  PID:10496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
  2⤵
  PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6248 -ip 6248
1⤵
PID:11080

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe

Filesize
468KB

MD5
2d60497201c9bb304193db8dfc24f6fa

SHA1
8427b3188091d47c793442ac50ff3e29d063c37d

SHA256
8da1fb5cb9881eb8bc3f917cd3cb61ce1e0e293d861965893165b7d7c81eadbb

SHA512
6b29286d4f6f38680bcae6cc1cf06642875f0d7627b6e6d98a1a442d409b55e9b2d915643c2ce0a8ca85ad6732cd69013230653767a85668ab362fbf6d822763

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe

Filesize
468KB

MD5
f65ee19be00f983ecd75892f382b9ad7

SHA1
0e83b1b41cbb80ffe63ec398ed6f0c06128c7715

SHA256
341f0d79e57a085302bbc39203a3a8f3d91ed7caee64b074aa402686c5b0a602

SHA512
3181798b9000450ea3346275ea8af39d114d92e6459e3cd1c69c82dad0ec7e67dbf81d5a1a009b6983cd5443f9b43daa752a32863e0d782a1198a96b06214e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe

Filesize
468KB

MD5
d7d15c7f5bfc07b28175570731d71493

SHA1
8589c36b2a6b5790733fe59719aa152750f17c4c

SHA256
1969e102fec69591b6dfc3110441f4d18277d638d959f3a7b304bcd2226b463e

SHA512
973087fe9794cd5ad818c5a7ac60b61c77579667c97722ccc31244b942f1861de6ac19601e17b36d28b66ee9197be2a07f98372acca7528484fddc8d6ce51e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe

Filesize
468KB

MD5
3ffb99896957b5deac497a679ee26c7b

SHA1
45ac8390c66f67ef1f0b18cc7a017ebf4bec1639

SHA256
2af9ecb0f03c645ea637ea28ca95e84b33fb8b8560e1b583c1954e8ac1ea5170

SHA512
d2368b866af5ece1e0a117bb0c4a02ab5b46d04d4808f5399f2dd6c412d4d6faa0b1ec3a843378f6490d651db64680ae1e997d7a6ccc881a1806f2018011780c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe

Filesize
468KB

MD5
78d93d02cb249ef2d8ffdfcd33ebad09

SHA1
eb194bee514525e1a785e4ce0b5d97eb024f9857

SHA256
f0efa235ab0464823827e2eb1eb5afe29a5b38b39e9aea6ec8f669379e8c7256

SHA512
4d61ab7287b8907fcc63fe4eb876d5d4f23ea00aefab559135e7603461c57a7efd44b704c7d3f80017006f94539d6f6ef14389aa169808f4d8f66efb8d8548c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe

Filesize
468KB

MD5
7241cfe8faf610ec983beea8843d375a

SHA1
4bd4ed4c1cb17dc4b62909af8980d99645dbbb0b

SHA256
fb4259f1a750cca1d2e7bcd5bbf08b0200f24f0236b96d8928d8c13f4a97df05

SHA512
1c20410cd01b96df5650a1d70747b11b14d6012861d6a17248919343760be2dd316a4277ef7e0f034d7472994f17a89283db8e3d73de0d32545f76ed6c9132ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe

Filesize
468KB

MD5
a6dcaba051bee88ed580737dd78c8872

SHA1
a9da7dec73ebc9db2d783018742b9b2b7052e67f

SHA256
470a5d6c94bf36ebf6ca55e2467f024ad7b06efb3c699c211eb88cfd8cb51a70

SHA512
bb8e97f97edb9db9aab842e77cc1bf7dc0451d949a951fac242c18ab8bb2546ddb9dbf4fe4fc95ecf1bc80cf527f07153a00bfbb7c60505dc914a3b272f395b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe

Filesize
468KB

MD5
364a0487721eae1c5f68d28242c0d6e8

SHA1
387d138348f8db1982a64f148685a8a084ec4d90

SHA256
87a51490204c7e9ce0fbfa090ab4156437d5c6905e5176d8ce04a51d8477dbdb

SHA512
ed5424700a9a90d013881ba65f3240c44f32d353840b6c6942790bcbfdc5500b6ad621b8e100bcd5cd75dc4ebbe9cc3dbf74e4607f24baeb378e0b3e6c53d376

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe

Filesize
468KB

MD5
c766eb6959a50cd4d9c7d820bfe1dc2e

SHA1
004d6857f219d60618d89d9b8689ea8a29993794

SHA256
a198f3478ccb3b940d4fc9d571e92be30bddb1261128ac2aae1b61be922b2c78

SHA512
8bff02466be0871915eced3eb8b35cfe656ec0a346210a34818a926ca77a17de3bd5f468d76e402485ede62f2100b52f0949fa25021d05a979d8d902c24ea180

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe

Filesize
468KB

MD5
7d585eb552f0618d5da8b4a480e7c720

SHA1
1a9e83430a8590de1a891902c072fc09d6aed59a

SHA256
80764f0a3568636f397a3c5b9d33965bc95bc841b6854bda2bbecfaaeb02c822

SHA512
50459becf03dd1ff43f3b050703b22cedbdb5cd8e34286f6a302eddd7618f205f1bdce6553ffd2251a16c6213d15211a040a904c17e47b6a3fa9aab3432ce53c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe

Filesize
468KB

MD5
95a6b44483cc5e743c88e1036ed8b259

SHA1
9a9c884374c5c716686be82ec6f9fc7241438506

SHA256
323a04259b9d6591f1b856f85d4a90c66169440b21c15f51df834b845e0cfbff

SHA512
e39063f902db46b523da81502fa355aa893f13a4ca44a8c2087acf66e45488e3526cb93127b768032f20f47d3efcbb19df2a6088d1c262d0c84c31cba24a4be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe

Filesize
468KB

MD5
3b9264f9f1da311f57265bc3e2664668

SHA1
8fe40662561e2d9a78f1095d4172796eb4e7c4d2

SHA256
5ae5cd220e9547b272f045981f49e237e3b03a2441712d9ac8c9c70d3c06b03a

SHA512
3185cc8dade3d2c6e86145d05357fe4019cb3043e9e3467b560ecf7cafe71cbcad1d12d6ae1647c52a7bde8efc1fa611d1ba25388776517dbd5581a0dbd66e61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe

Filesize
468KB

MD5
cf9b12d66bad770815c7c21fd8ae4b21

SHA1
9dc84a1373a1254d6a6a86d2860365e114632bdf

SHA256
39c8a6e0a546d2bee5ad7f264c59e919a3f33122882dee4ceb7d3c24ffe12ca3

SHA512
ca4c13a36ab5084cbb9fb37a89f78827a41da579dd4587d4b53d70065ea366584cf392125a608fe46382e17bc312099b1eb8d512a1d8780e05934a4ed8a57e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe

Filesize
468KB

MD5
0f3571f779910ed057cd87d81c432a4c

SHA1
778b94c32849da01919f89c581f36b7ea4d926b0

SHA256
b757a52e4716635f5cb8e596f36571aed96cd9f0097c9ad93e37e31c54201027

SHA512
ffd571585ca6eac1bb4c09d31f89e08d95ebc10c813b30b50b3f686245ac8ed0f059350a7eec8e9d81446be7d31b47185879437ca58ac3a2a53ba92c15f46c59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe

Filesize
468KB

MD5
75b4938f3d47ca51de29199dae94b83b

SHA1
4bba4cde2b711d2d661d306c11015a67d6172194

SHA256
dcbfa69a5ced29d1c2f9b6d3b2834f57c346787d65f0d5300bc1b89981a9fe63

SHA512
bac220a70a423b6493788d4feed9eb2745544a14038969efd8b0e9817411c27067031737330179e3bec94363cdc5eeb8be44ca3ab9d8f401b2b35e0f6616c0cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32149.exe

Filesize
468KB

MD5
07c778033056c2f84b8f17991e2c03b5

SHA1
04157af9f3d08cc8e950461675240f51c2e2aca2

SHA256
f5b7555506f57f5609225a0891d6ca03101c177e8898d13d61f0a08ff75abac1

SHA512
d27f767268cce836e3e51145be857c85e24969b9b139bb4671edad906c1480c28bcbe2cbc051f9cdf9a4bef4e1ad156f4d42e3011449aaa6a7aff107c524bebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe

Filesize
468KB

MD5
8ff0dcebed6df4e3b350c62f245fd817

SHA1
89e8123e0e864fe12ba91640cfbf34a78389f653

SHA256
168fbbe9a4b73375a9929d7b74826d0667b43b777591efab575ffeb83c345ab1

SHA512
551045f8a57783414417e10f724909731643915bd63faed8805fe6fddc9be616789dfdfdb03a9c134f2cd05128d6eea33e445acac9511272676dc8e87d4a1439

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe

Filesize
468KB

MD5
67e35eec2fd5c78945dca55d6d2566ce

SHA1
099e1a3e134de34124e9de811f6a6c31b4a87098

SHA256
360a8a92dceb3246b673c534265d502db905b8c626e72aca0c58c63d3d8d8d72

SHA512
90fcb7baf85893940f0f1a8f67bd2c11628bc9f2b1418c82b61687b071ad86ccbd8be29dce588f79728299170aeec39733ee520754844ae50b532c4c84f570a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe

Filesize
468KB

MD5
39f85560b71b728308b688d270db6a0a

SHA1
3e4b0c544f4de7d8423ef453bc49d3b8083c7a8a

SHA256
11777197089a038c7831f99c422022b2ed7d82a44e903cb6b74df0ee425a14ae

SHA512
7023b1a3ae1caa431193b60815c2d280fd565f9c1cdbc95fb59eacde0b8ab616ce2e8cc671483307449e2245dfcc86627322abca51a66fde8b1db27dde150cc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe

Filesize
468KB

MD5
aaba5693d32884f0cb62088a41c0938b

SHA1
f6b3d9faeba20d287c995b232cfc8daa3ee12b3c

SHA256
d4b6e83c4d9343b386b3cbb793e219d7cc305042fc84447cd6673c7a6c510af6

SHA512
1cf4f25f359e3adc54ff1e476ff3a38ae7364b5770ad1e35952f92fba258bbe3e33e550af2f36810ea2eb3b86b10c54dabffef5a3e48a98b9984b5c7c99f7b86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe

Filesize
468KB

MD5
0a55b55eb2a1b545c051d467a68cd03b

SHA1
03da2210cc8cfcdb7176a339535af1ac3c22f82f

SHA256
06a2867707d726fe792eef290c10eedb002c980d7b2e3d5b2f6d2de162ea86f5

SHA512
d500bacb3e7714d9edd9cd1fab164aa7ff9e4de732df72d4a126c9b44fec6ead59291ceaed6f39ed580d5bbe9b46948d5b69ef8a77d3eb69026f6e1ea0c18acf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe

Filesize
468KB

MD5
71d7b301e74750e827b17e64a28d4422

SHA1
3fdc99f8b8183539d9cd2fe52a84cb6bc920f6a7

SHA256
8ffdf00a3e174926a0b6e521e425194981354fdcc45ec0e18da2d6bc3daff037

SHA512
61db2cbe6e9f2162e71a4cfbe753dbc810ded40d3baa063f05f2c514cb37fdb25362a7df01b6c4e32f7f769470a4b501456a356e00a1edbf1e39a50dee822f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exe

Filesize
468KB

MD5
427a2e393f8a128dc65fb8449250b2b6

SHA1
f2c243d8b7ab263b9df7951c2daf316bbfd15a5d

SHA256
0bba8634b02012fe50fe872d26d06123e065b64af50ae9b4ec4efdd6defd5e82

SHA512
320a8dc4bad1c21d8da645cee463c9585a79873594891a81244c31ca59876a240b777078b124c9016e8c30ef8ea487eff8a6993389705ec7786023c4922edbd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe

Filesize
468KB

MD5
fe52e468471a25e068eca906d5493624

SHA1
951aace08ee9b0fbbec12906cc550fc5167a5d1c

SHA256
e509d1d59b66b5798173f6e5b7d0a003a2c0af7f2fc4f083b98c88270bdc7d6f

SHA512
6eee4d09164890e4d591ee248ae5e94d64bfc5b86c6ca6471c4c1ef6c6c3c4dcfc5aec6b64f3ea11d99147f94b4f095f134d1db58cd3c216036a4e1305f42611

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe

Filesize
468KB

MD5
d8b20505c3bd9a479e8215d691a4099f

SHA1
d3070300e585113265a49f691bbcaaca48f64ca1

SHA256
a8fc1b761e44846281d883a4bf732caf242ef0f6850d8142ec3578ed33e52cb4

SHA512
5370ea75ceac319df69be53fb9bdef07db2eb1fa9e5fe21ba42d5a46b349cb2057f3d5bb08c0594d84f3c8f77360ae89e4066bf493c04d5e09be272e48a53608

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe

Filesize
468KB

MD5
afd67228c2d21eba64583d92d37be322

SHA1
ce524222602afccdf8fb1abe2dc9441f049640c8

SHA256
7fc4039519fe2615805cc1eec7d08f9820be06fa52bc2eee5e98afeb80b5c740

SHA512
3936324aaebd9d093f1f2b292ca45d66882d1ba5abf8614b97be842975b192348ef842f88a221700260951c21d1fd8bb9541e22aea289dd2f11fa2a9aac3bacd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe

Filesize
468KB

MD5
02145746d182cc1bf16da37197f3b598

SHA1
e3da848ab7a1698cc5ec75b432dbb1cdc7876373

SHA256
fc827a948b1be56cc96448ada7b42b9d15391a8ea3883f6f4ef57c7f2c4d7522

SHA512
555c8fe2181315d08b0f70bc568ded4887026e1de4149a031c8ba70737cc5881947c283432c1ad144a0d6586ae96f19ef355d8806a707d90372a9c59ff12ca0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe

Filesize
468KB

MD5
823e4efa307cd55cb796fda4a7252d30

SHA1
0e1e438aaec930ea0e0b187fe3688d7c090b090a

SHA256
67490bc7c8c7500c4eba482cfbd4a7a8fca5ca0f4f96d720ab0e54b23f0443d3

SHA512
2ab239b84720e1a501b25cb6600d66751ea00fb8e999b5dcd67cc6dbbe313a681fc97eb7f9f3230fda0bd2853b376a771fd98bf88acc49e39f4ca8905331b555

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe

Filesize
468KB

MD5
12bdc83fc54ff894bb4545beec5387d3

SHA1
797b4d089974bfc3ec8d8cfbce8bcf4b22752eb5

SHA256
33545c315068f2cc82205daee1883c8fe41c7875384ad212bfd290d03421b6ba

SHA512
93de7a8876e00d7604ad02bac9987dc8ee15354e630b53a7c08a5100b92eb85eb092f2cef53c8c2e3b3e598b6989699d810b5022b8d05f4fd0b481d23b958e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe

Filesize
468KB

MD5
95bc14070f2c8c001125cec7d229159a

SHA1
b633d613c09dc4aa81d689b9bc3f549e453b1873

SHA256
fe39facba1925e7d612602fa22b615a801ca4ea8685bd5b7cadb51aa7db78d85

SHA512
4ede15b5e3a9217fafb25b713dc4a91cae7bfd5aa268d1c339f2869772217e93984e8e6b21ec7949285e57b897928970fb1b8cb03e33a777d39299788252389d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe

Filesize
468KB

MD5
8204ba9ce8cf842131de16cd0c2552db

SHA1
e52f398e6f91daa8cb1712703b2d5f22118063f8

SHA256
58679017ede5b9984cadebf36cdca6ab1e517bc422e8062f41111dbe5a726cb9

SHA512
fca5969a812312557dcd182cc3baa27666f1984ddff813305c3b83c71cdc1e1c145b26c0286aec6f42937b195b396fd2957bbddc8f066bbf9f520948c140fe58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe

Filesize
468KB

MD5
f6b521ad203416e29695bc51a0036087

SHA1
986889858a131e9d29028adcf46fd69a8814d885

SHA256
9a0a267ab5f64b434f4c8c01242e901e1db9c1dfc71597584bc4efceaa922ba0

SHA512
95d006048867f4d4c03237ec99f7057609cfed36ece1a10450cf1d0912daf92ad766592a67ec3b4534249cf919fd68f4a812c4461716218b5e017ab5f62e0182

Download Submit
memory/244-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/388-998-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/464-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/512-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/536-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/760-996-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/844-988-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/868-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/916-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1068-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1236-108-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1288-994-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1308-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1324-124-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1380-207-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-1007-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1492-1002-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1516-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1580-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1604-77-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1656-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1796-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-999-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1908-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1920-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2056-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-985-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-1003-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2280-29-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2292-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2356-969-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2460-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2676-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2852-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2944-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2964-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3144-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3268-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3376-1006-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3432-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3484-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3496-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3548-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3556-967-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3588-966-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3604-997-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3608-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3800-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3804-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3840-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3852-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3952-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4092-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4136-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4176-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4380-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4408-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-1004-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4472-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4516-1001-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4556-1000-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4612-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4652-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4664-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4740-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4744-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4748-991-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4788-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4796-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4812-968-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4816-101-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4896-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4916-990-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4956-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-993-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5000-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5028-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5060-995-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-989-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5168-1005-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-1008-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5232-1009-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15660-2389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads