137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267

Analysis

max time kernel
120s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe
Size

468KB
MD5

324e92c6bf11247c4c2b49b85ed26a50
SHA1

8c0612f98a1d80fe08631d1d9b1135b1dc34ff7f
SHA256

137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267
SHA512

e7295d8d663b281df671dba1419f5d3cb83c1b0d9da4539a42bbbf2d4565a98df44b55c94b4d09698ac8f1923b2792748331471a4429fd144adffe58baecf519
SSDEEP

3072:ibzXogKdIq5UnbYHPztjcf8/KCtvC3pkhmHewVhx/eP82CuuGslT:ib7o+uUnoPJjcf1Z0Y/eEluuG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3896	Unicorn-52806.exe
4520	Unicorn-9957.exe
4392	Unicorn-18680.exe
4184	Unicorn-24322.exe
4144	Unicorn-24322.exe
3096	Unicorn-50864.exe
4156	Unicorn-37128.exe
3784	Unicorn-7321.exe
2488	Unicorn-31826.exe
2392	Unicorn-11960.exe
2028	Unicorn-3792.exe
2428	Unicorn-48162.exe
2956	Unicorn-60414.exe
2972	Unicorn-60149.exe
2680	Unicorn-58368.exe
1100	Unicorn-63678.exe
1808	Unicorn-55510.exe
2200	Unicorn-51981.exe
1552	Unicorn-4263.exe
4696	Unicorn-30549.exe
2664	Unicorn-6309.exe
1668	Unicorn-22646.exe
3724	Unicorn-47150.exe
4576	Unicorn-23200.exe
4872	Unicorn-63486.exe
1540	Unicorn-23200.exe
4792	Unicorn-55318.exe
2960	Unicorn-8155.exe
1724	Unicorn-5355.exe
1256	Unicorn-21384.exe
2764	Unicorn-47372.exe
3448	Unicorn-49418.exe
748	Unicorn-20638.exe
3512	Unicorn-34788.exe
720	Unicorn-62822.exe
4448	Unicorn-1177.exe
1720	Unicorn-15467.exe
2612	Unicorn-21598.exe
3376	Unicorn-18068.exe
4856	Unicorn-37934.exe
4848	Unicorn-34404.exe
3668	Unicorn-26236.exe
4212	Unicorn-54825.exe
1512	Unicorn-8888.exe
4636	Unicorn-9153.exe
4860	Unicorn-25490.exe
4540	Unicorn-13237.exe
784	Unicorn-54078.exe
4048	Unicorn-45148.exe
3388	Unicorn-28612.exe
1052	Unicorn-34212.exe
840	Unicorn-45910.exe
1544	Unicorn-30128.exe
3952	Unicorn-49729.exe
5064	Unicorn-64284.exe
2012	Unicorn-39780.exe
2628	Unicorn-63782.exe
3544	Unicorn-20703.exe
3524	Unicorn-39086.exe
2988	Unicorn-41176.exe
736	Unicorn-48790.exe
2440	Unicorn-48790.exe
5076	Unicorn-40430.exe
1260	Unicorn-40165.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
7404	5468	WerFault.exe	192
14480	14328	WerFault.exe	663

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53902.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15744	dwm.exe
Token: SeChangeNotifyPrivilege	15744	dwm.exe
Token: 33	15744	dwm.exe
Token: SeIncBasePriorityPrivilege	15744	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe
3896	Unicorn-52806.exe
4392	Unicorn-18680.exe
4520	Unicorn-9957.exe
4144	Unicorn-24322.exe
4184	Unicorn-24322.exe
4156	Unicorn-37128.exe
3096	Unicorn-50864.exe
3784	Unicorn-7321.exe
2488	Unicorn-31826.exe
2028	Unicorn-3792.exe
2392	Unicorn-11960.exe
2428	Unicorn-48162.exe
2956	Unicorn-60414.exe
2680	Unicorn-58368.exe
2972	Unicorn-60149.exe
1100	Unicorn-63678.exe
1808	Unicorn-55510.exe
2200	Unicorn-51981.exe
1552	Unicorn-4263.exe
1668	Unicorn-22646.exe
2664	Unicorn-6309.exe
3724	Unicorn-47150.exe
4576	Unicorn-23200.exe
4872	Unicorn-63486.exe
1540	Unicorn-23200.exe
1724	Unicorn-5355.exe
4792	Unicorn-55318.exe
4696	Unicorn-30549.exe
2960	Unicorn-8155.exe
1256	Unicorn-21384.exe
2764	Unicorn-47372.exe
3448	Unicorn-49418.exe
748	Unicorn-20638.exe
3512	Unicorn-34788.exe
720	Unicorn-62822.exe
4448	Unicorn-1177.exe
1720	Unicorn-15467.exe
2612	Unicorn-21598.exe
3376	Unicorn-18068.exe
4848	Unicorn-34404.exe
3668	Unicorn-26236.exe
4856	Unicorn-37934.exe
1512	Unicorn-8888.exe
4860	Unicorn-25490.exe
4212	Unicorn-54825.exe
4540	Unicorn-13237.exe
784	Unicorn-54078.exe
3388	Unicorn-28612.exe
4048	Unicorn-45148.exe
1052	Unicorn-34212.exe
4636	Unicorn-9153.exe
1544	Unicorn-30128.exe
5064	Unicorn-64284.exe
3952	Unicorn-49729.exe
2012	Unicorn-39780.exe
840	Unicorn-45910.exe
2628	Unicorn-63782.exe
3544	Unicorn-20703.exe
3524	Unicorn-39086.exe
2988	Unicorn-41176.exe
2440	Unicorn-48790.exe
736	Unicorn-48790.exe
1260	Unicorn-40165.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 3896	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	82
PID 216 wrote to memory of 3896	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	82
PID 216 wrote to memory of 3896	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	82
PID 3896 wrote to memory of 4520	3896	Unicorn-52806.exe	83
PID 3896 wrote to memory of 4520	3896	Unicorn-52806.exe	83
PID 3896 wrote to memory of 4520	3896	Unicorn-52806.exe	83
PID 216 wrote to memory of 4392	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	84
PID 216 wrote to memory of 4392	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	84
PID 216 wrote to memory of 4392	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	84
PID 4392 wrote to memory of 4184	4392	Unicorn-18680.exe	85
PID 4392 wrote to memory of 4184	4392	Unicorn-18680.exe	85
PID 4392 wrote to memory of 4184	4392	Unicorn-18680.exe	85
PID 4520 wrote to memory of 4144	4520	Unicorn-9957.exe	86
PID 4520 wrote to memory of 4144	4520	Unicorn-9957.exe	86
PID 4520 wrote to memory of 4144	4520	Unicorn-9957.exe	86
PID 216 wrote to memory of 3096	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	87
PID 216 wrote to memory of 3096	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	87
PID 216 wrote to memory of 3096	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	87
PID 3896 wrote to memory of 4156	3896	Unicorn-52806.exe	88
PID 3896 wrote to memory of 4156	3896	Unicorn-52806.exe	88
PID 3896 wrote to memory of 4156	3896	Unicorn-52806.exe	88
PID 4144 wrote to memory of 3784	4144	Unicorn-24322.exe	89
PID 4144 wrote to memory of 3784	4144	Unicorn-24322.exe	89
PID 4144 wrote to memory of 3784	4144	Unicorn-24322.exe	89
PID 4520 wrote to memory of 2392	4520	Unicorn-9957.exe	91
PID 4520 wrote to memory of 2392	4520	Unicorn-9957.exe	91
PID 4520 wrote to memory of 2392	4520	Unicorn-9957.exe	91
PID 4184 wrote to memory of 2488	4184	Unicorn-24322.exe	90
PID 4184 wrote to memory of 2488	4184	Unicorn-24322.exe	90
PID 4184 wrote to memory of 2488	4184	Unicorn-24322.exe	90
PID 4392 wrote to memory of 2028	4392	Unicorn-18680.exe	92
PID 4392 wrote to memory of 2028	4392	Unicorn-18680.exe	92
PID 4392 wrote to memory of 2028	4392	Unicorn-18680.exe	92
PID 3096 wrote to memory of 2428	3096	Unicorn-50864.exe	93
PID 3096 wrote to memory of 2428	3096	Unicorn-50864.exe	93
PID 3096 wrote to memory of 2428	3096	Unicorn-50864.exe	93
PID 4156 wrote to memory of 2956	4156	Unicorn-37128.exe	94
PID 4156 wrote to memory of 2956	4156	Unicorn-37128.exe	94
PID 4156 wrote to memory of 2956	4156	Unicorn-37128.exe	94
PID 216 wrote to memory of 2972	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	95
PID 216 wrote to memory of 2972	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	95
PID 216 wrote to memory of 2972	216	137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe	95
PID 3896 wrote to memory of 2680	3896	Unicorn-52806.exe	96
PID 3896 wrote to memory of 2680	3896	Unicorn-52806.exe	96
PID 3896 wrote to memory of 2680	3896	Unicorn-52806.exe	96
PID 3784 wrote to memory of 1100	3784	Unicorn-7321.exe	100
PID 3784 wrote to memory of 1100	3784	Unicorn-7321.exe	100
PID 3784 wrote to memory of 1100	3784	Unicorn-7321.exe	100
PID 2028 wrote to memory of 1808	2028	Unicorn-3792.exe	102
PID 2028 wrote to memory of 1808	2028	Unicorn-3792.exe	102
PID 2028 wrote to memory of 1808	2028	Unicorn-3792.exe	102
PID 4144 wrote to memory of 2200	4144	Unicorn-24322.exe	103
PID 4144 wrote to memory of 2200	4144	Unicorn-24322.exe	103
PID 4144 wrote to memory of 2200	4144	Unicorn-24322.exe	103
PID 4392 wrote to memory of 1552	4392	Unicorn-18680.exe	105
PID 4392 wrote to memory of 1552	4392	Unicorn-18680.exe	105
PID 4392 wrote to memory of 1552	4392	Unicorn-18680.exe	105
PID 3896 wrote to memory of 4696	3896	Unicorn-52806.exe	106
PID 3896 wrote to memory of 4696	3896	Unicorn-52806.exe	106
PID 3896 wrote to memory of 4696	3896	Unicorn-52806.exe	106
PID 2680 wrote to memory of 2664	2680	Unicorn-58368.exe	104
PID 2680 wrote to memory of 2664	2680	Unicorn-58368.exe	104
PID 2680 wrote to memory of 2664	2680	Unicorn-58368.exe	104
PID 2488 wrote to memory of 1668	2488	Unicorn-31826.exe	107

C:\Users\Admin\AppData\Local\Temp\137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe
"C:\Users\Admin\AppData\Local\Temp\137d74695acdd04f680995a63079c4117791228c8e3656f4a3b88c737fef9267N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        10⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        11⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        11⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        10⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        9⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        10⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        9⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        9⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        9⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        8⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        9⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        10⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        10⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        10⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
        9⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
        9⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        8⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        8⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
        8⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19834.exe
        9⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        9⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        8⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        7⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        7⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        7⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        10⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        9⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
        8⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        8⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        7⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        7⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        6⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        8⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        7⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1836.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        7⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        9⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43024.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        9⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        9⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        9⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        8⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        8⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        8⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        7⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59994.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        9⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        9⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        8⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        8⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
        6⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        7⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        7⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        6⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        6⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
        8⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        7⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        8⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        7⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        7⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6880.exe
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        5⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        8⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        7⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        6⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        6⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        6⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63486.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
        9⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        10⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        9⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        9⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        8⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        8⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        8⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        7⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        8⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        8⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        7⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
        7⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        7⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        6⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47462.exe
        8⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        6⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29886.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        7⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        6⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        5⤵
        
        PID:5468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 632
        6⤵
        Program crash
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        5⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24286.exe
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        8⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        7⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        6⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        7⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        7⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        6⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49729.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        7⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        6⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28759.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        5⤵
        
        PID:14716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
      4⤵
      PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        6⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6517.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        9⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        7⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        8⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        7⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3372.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55783.exe
        6⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        8⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        8⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        8⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        7⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        7⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        7⤵
        
        PID:15828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        6⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        6⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1836.exe
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        6⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        5⤵
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
        8⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        7⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        7⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        7⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        6⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        8⤵
        
        PID:14328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14328 -s 436
        9⤵
        Program crash
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        7⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40090.exe
        6⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        5⤵
        
        PID:16420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        6⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        5⤵
        
        PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
      4⤵
      PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        5⤵
        
        PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
      4⤵
      PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
      4⤵
      PID:5596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        6⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8157.exe
        8⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        9⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        9⤵
        
        PID:18272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        8⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        8⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
        7⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        6⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        7⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        5⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        8⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        7⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
        6⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        6⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
        5⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        7⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
        7⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
        7⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
        5⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        5⤵
        
        PID:13272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
      4⤵
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        6⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        5⤵
        
        PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
      4⤵
      PID:15388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
        6⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        5⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        5⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        5⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        6⤵
        
        PID:516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        6⤵
        
        PID:15140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15533.exe
        5⤵
        
        PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      4⤵
      PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        5⤵
        
        PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32195.exe
      4⤵
      PID:13692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
      4⤵
      PID:13020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33866.exe
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        5⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        5⤵
        
        PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
      4⤵
      PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
      4⤵
      PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
      4⤵
      PID:18388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
    3⤵
    PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        5⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        6⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        5⤵
        
        PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
      4⤵
      PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        5⤵
        
        PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
      4⤵
      PID:14296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60434.exe
      4⤵
      PID:15148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
      4⤵
      PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
    3⤵
    PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
      4⤵
      PID:11352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
      4⤵
      PID:12620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22383.exe
    3⤵
    PID:10360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
    3⤵
    PID:4056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8541.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8453.exe
        9⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        9⤵
        
        PID:16600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        7⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13740.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40505.exe
        8⤵
        
        PID:17460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60705.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        7⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62882.exe
        6⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        7⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        7⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        6⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24271.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        7⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23216.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        7⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        6⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        5⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        5⤵
        
        PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40165.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        7⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        7⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        6⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60902.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        6⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        5⤵
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
      4⤵
      PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        5⤵
        
        PID:16564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
      4⤵
      PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
        9⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        9⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        8⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        8⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        7⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        7⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        8⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        8⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        7⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        6⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        5⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        6⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
        8⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        8⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        7⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        6⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1836.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        5⤵
        Executes dropped EXE
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        6⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        8⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        7⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47643.exe
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57276.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20775.exe
        7⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        6⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3753.exe
      4⤵
      PID:13920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
      4⤵
      PID:12088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        7⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        6⤵
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32218.exe
        6⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
      4⤵
      PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
      4⤵
      PID:16484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
      4⤵
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
        7⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        5⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
      4⤵
      PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
        5⤵
        
        PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
      4⤵
      PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
      4⤵
      PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        5⤵
        
        PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
    3⤵
    PID:6712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
    3⤵
    PID:11620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
    3⤵
    PID:9880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        7⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47462.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        6⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
        5⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        7⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        6⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
        5⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
        5⤵
        
        PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        5⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
        6⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        6⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        5⤵
        
        PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
      4⤵
      PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
      4⤵
      PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
      4⤵
      PID:1400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        5⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        6⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        7⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        6⤵
        
        PID:13936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        6⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        6⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
        5⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        5⤵
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40896.exe
      4⤵
      PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
      4⤵
      PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
      4⤵
      PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
      4⤵
      PID:10920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
      4⤵
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        5⤵
        
        PID:17952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
      4⤵
      PID:16096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
    3⤵
    PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        6⤵
        
        PID:13976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        6⤵
        
        PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
      4⤵
      PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        5⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41050.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13121.exe
      4⤵
      PID:16112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16139.exe
    3⤵
    PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
      4⤵
      PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
      4⤵
      PID:18292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
    3⤵
    PID:8836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
    3⤵
    PID:17116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
        5⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24000.exe
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        6⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18877.exe
        7⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        7⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        6⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        6⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        5⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        6⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36331.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        6⤵
        
        PID:18028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
        5⤵
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
      4⤵
      PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
      4⤵
      PID:17160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12609.exe
      4⤵
      PID:652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        6⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        5⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
        6⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        5⤵
        
        PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        5⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
        6⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
      4⤵
      PID:12788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
      4⤵
      PID:1108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
    3⤵
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        5⤵
        
        PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
      4⤵
      PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      4⤵
      PID:14944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
    3⤵
    PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
      4⤵
      PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
      4⤵
      PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
    3⤵
    PID:15484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
    3⤵
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        6⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
      4⤵
      PID:16520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
    3⤵
    PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
      4⤵
      PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
      4⤵
      PID:10452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      4⤵
      PID:14952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
    3⤵
    PID:8748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
    3⤵
    PID:13668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
        5⤵
        
        PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      4⤵
      PID:14364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
    3⤵
    PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
      4⤵
      PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
      4⤵
      PID:14296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
    3⤵
    PID:12736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
  2⤵
  PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
    3⤵
    PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        5⤵
        
        PID:16388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
      4⤵
      PID:15036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
    3⤵
    PID:10248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
    3⤵
    PID:15332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
  2⤵
  PID:7660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
  2⤵
  PID:10924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
  2⤵
  PID:15832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5468 -ip 5468
1⤵
PID:8084

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe

Filesize
468KB

MD5
59c9770cf366e822ebe24e7e07c38d36

SHA1
f2b61a69eb2148585f279babd123f59c5c381d39

SHA256
9ee7a82f235744ce59244930082cb8e27ada5e75143c591c22f579a29befad99

SHA512
5a4c35845b5a703b7281999419c01689b89b5e09ad6569cb454d2d73e32c88ead533a823f5aac137e432a9e446a42cc1f3155b80e87a0a6f819ffc2040e26c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18680.exe

Filesize
468KB

MD5
b260dce9fc05bc36f7387e1982660ea7

SHA1
50804ca583d36158ad2966ed52e86503346742b7

SHA256
d588c0552dd49771ffe609c50fddaa6c91504d2fdcd161b08700a6616f8b33ba

SHA512
d96f0cc390d4e812a06907a43d7492787e5af88ed7d37878615fec4e4c510120bee9a0d69d328bd8c72a56d5539a727aca6ae6c35772e0b4ea67a45596066d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe

Filesize
468KB

MD5
a7c8bd834877c226277254b5f680cc77

SHA1
ea9dd5f97fd979c846c75488f359df62910dbbe6

SHA256
d9754daa8e62d1c6e43cbb26ef5cbae5d7f418cf21d5461836d7b6ee6a8e075f

SHA512
04962941bbe9d2b19b6473c2c86d4cd8d22a4f3d67b7b9378313d91194720610dbadb5c83908dbbf921ade715032ba3820f378dc4eaae558ce1676cdda6ddadf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe

Filesize
468KB

MD5
5eccf2d41b7c3554ee14c857f51315af

SHA1
a64396f01423a49dd4e5533fc8896b0f75eb08ea

SHA256
449f0ad95ec33a210d54bf9c414fc61cee9d3bb9cb1378337cbf03b496db4176

SHA512
dd35a02ee68384949411274c27e7574a3d3f84f81422a5c17a458e2029379136c63f5a407df48b966bab97d5c595251c6749c65bc0c735cc804bdd6f76110334

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe

Filesize
468KB

MD5
6b3345ce95c454a580854d551082f82b

SHA1
9a39e1f2d03ceebb2275943ce16cda74f0e4bdef

SHA256
23e06893b3d1b71eb6d3bc6e1e9ae25191b8df39aa9127bad388d63eac1f93d5

SHA512
d86b1cceb95500dd31445c1dcc4a20344742cc0a264ab08a150a018a193009ddc745e5cd1a588d66a31324b0d908d1b4d7983a5c71758dd11bab43241cb76af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe

Filesize
468KB

MD5
42ee7d32ff98ba29f801af2fc2193f36

SHA1
3e57a54f0e7d3191e7c5eac706c2d8906d9cac62

SHA256
925953c298db5a3bea4be32188ab3207a236ebe24b7b11000188b5727787ec0b

SHA512
22e839e7161ebc1710a9cb24939178e776563fa1a83a2b6167f62f3fb6065a2d433448751e8e39a9e6f50d9aa3ee99f4bd5b875aed6640073d238717872b26eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe

Filesize
468KB

MD5
a3748d9f95f07258f369849b8e03d766

SHA1
24ac319c34dd19c43e57eedab5177febe39bb31a

SHA256
65ba6832e07acc4e26a4b9121c20ed8dbf8d0a2c670a07f9c362b3930552e6ef

SHA512
8816629a2062967cbc52010d452237f3b95b135de762f77a20135183e5e02b949e9cfc42797465b06d2038a1f9d4ee96de226e79258da1e1ad3ee77e825c9385

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe

Filesize
468KB

MD5
7575aa1304fb0990ba61859b7339f67f

SHA1
89d447ed8bb4a5913a35af509b7f0c9e41706c2a

SHA256
544041234f6009081338f155432d26eedc3b131f7258c47f78876758eb6e6d3d

SHA512
1fee4b26eb4b3d3e5778b77d32c56f83158f98e07a241a1b9692bea80e757cc09cfd434ca2238240f32d0f3961871b62526e565eabc16a84180008da7e73ff88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe

Filesize
468KB

MD5
ddb7f0be661d21c8975510c1d9580511

SHA1
e690b9a922fba1760b0e5566d08634d4719adaa5

SHA256
d079756a52520b2ee785576cfe4174c5e82c0f7b8aa65a0c3ac9ff33515a8620

SHA512
db084de8e44f9b5c9624dfbd2f020315f4550fddbe81148a7dfda20b1e6e0dcf5a69a4dfca0adbfbacf5e1ea3bce2e0f04b43debd3a3c00558832455600fc481

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe

Filesize
468KB

MD5
2c852ee384deb855bc8ead79471512d4

SHA1
682ca405554776b7fc3ae69a63bdc4c8dbbf5dca

SHA256
8ec604a19639639d4ebcb16c745b2c3942e15d3bb0cda392607781bf03579441

SHA512
7ef3283d51bfd48619bcde039b8a65ed2d86ca5631ea8a43fca4e7596180046481c8ca838f67388205cfc84e6f4fd82f35e69c6cd18a008dd686a37d211c27c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe

Filesize
468KB

MD5
52d53a72287b4d5a8c783071377d562a

SHA1
69e594dbfa2ca849a3f69488ec30f91bf807a3b7

SHA256
bafa4efc97756b57240355bacc946695251bbbd6981fbb480a4a03cd9c526cf0

SHA512
6352226053766462138e3f74187660e987bd4311f63748d93a7fd752887d3c20875968fdf625605cd91ab532803f95006ba2c941bb156d2c42548cb674037afa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4263.exe

Filesize
468KB

MD5
4437d617f42e789578ce2ec2b8ab6021

SHA1
bb14d1c2039b7413fd3520a86b8598491f9a3806

SHA256
63a182f94ba63bcaee90d454eba2af9b6516b99bda8155d6dc04eecdf7f8b1bf

SHA512
721554a73237763fd6c2656eedea15fbd68e06c3572da3c4873092b2c15606220e61912c96b076b5b2c68dedd0e0a24a95f414f47cb0d0fe649be822fb0e0214

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe

Filesize
468KB

MD5
c043fed2df9ee1f9cb0653954e8b8711

SHA1
5afc4682b671e8c0b957f60e4a3571e59dc3ba0d

SHA256
c9e13892d6d313a0d099145ad6ca000e89425b7f67d19e832c9e98e09a76d0e5

SHA512
98ba325e8e0eeaf4d2a367080a3293e37d21f7f1b6ed3263148f179ac8498b33083fc391c84b9f61eee6a7666ce8d2ffbe7f99953d30af2ccafb29e3c9e2f2dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe

Filesize
468KB

MD5
4ceba39b4e9a274c5abd6ed694c9c576

SHA1
d6ec1100b253dcf367a171285df59b394d3618e7

SHA256
0a7e2c3b7216b109ce83d98bb7354b077ba9c6cbc235c7f0d79abb3d267e5ea6

SHA512
6b4dd5cd1fec002f74a2bbc25363ea6007f9b850187f4055c3cf5aa608500387ccca0558f1bb7a86e62810b7aad6a2a04ba7ed085c6a88e522ecb68a58819ff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe

Filesize
468KB

MD5
8517d5ca4fa665ff123820c1bce0992f

SHA1
0f8492523a3c418fb52947b5d2cfa0b752d02a39

SHA256
a637c45c7972cce2fe5a2cc46ba2e9519b0ed1fa1fb7c511a68a0a25e84c92cc

SHA512
563543f9f395eca86d02e5407837c1444457cc00df8e9d65f0db9b5c1a60abf8e71ef00cea29021873a9c89222d0edfca260022ccfd93a42a94b9d877792af6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe

Filesize
468KB

MD5
05d33d15b2d111ff6235205c17bc47d0

SHA1
dc65617318a6c7cb717878730166beb9345c2fc7

SHA256
1e108a745f7f2f81f544838b7f410a4abba4e843cd00e6e512ebfd1c74372fb3

SHA512
b451b469ab335aab85d451b7be0e39420b8d44d3941e36e42216e75dbb84514a2bb6acf19b7228cd308c19a0908463018bd9f44b97c7527986c884d0f558f973

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe

Filesize
468KB

MD5
1e7287ec43d04c5538084c7ba3b621aa

SHA1
bc6620bebe6d8de6c52c58b9d7c05390db5fc1b2

SHA256
ac2253d819bff458586466e6758f5d41caf3377016b7f3901f6488cf60bfcab9

SHA512
6421cb76ecc19b689da878c2a2fb55efb4bc7fa55a9f8b7814a0aee5226062b34e503fad655abc7765e0f11888dcb913ba05e0815e734023dbe58a6d77654333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe

Filesize
468KB

MD5
682665cf61691d05ed4cc05656410c3a

SHA1
35c7c3c339baa6d0bd54e98c5580d4fdac49701c

SHA256
80a38a00cbc357444cb4cdef47bdebf3e29ca20c101918a7aac3a7a050d338cf

SHA512
65006ee9e4a32bc0753f2b1c0471fd4c61a006c3c846898f0571d50ae32f5674a52e713b740daf7a4f0458eaaeca35fdbc7f58529684ff7913a8140f6ed47829

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe

Filesize
468KB

MD5
75e5bce6585e059b540bffb3b202bd3a

SHA1
1de78ca3c0aeefe4beca6679cb8425356301b9b7

SHA256
06d38563085b449e8e728009b2ebd0b2a46f7401354d65dc5527c4c59913420b

SHA512
6b24cf6045f53b643dcc925708f05606f1ac8268288a76e07d2cb6f9f19e2efbe347698a43f964c6249e8290b8fd9be3aaf5a0e3194190d24122842b2751fa24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe

Filesize
468KB

MD5
70376efb36de4fe62c8dac4863a57986

SHA1
22040ddf35b5926a39c53d7a936edb71ba764a18

SHA256
07b39863f8247276fb1c58a401958ddb5ba0939a31f8d7d53314ec86d58efd75

SHA512
6f0e48d64531fc49c17961c6d73fd7059736b35a74121e3eeda34bbe32aca6506c5e9dab71d046568c499b9fcfe80eb6289b6ca37913c654f32328ae6c5f7337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe

Filesize
468KB

MD5
3d459d7f1beab38ebd8dac061eeca058

SHA1
faecd134278a07545152d74fd4c6662bb730f6d5

SHA256
1951bb2de6e1e4f557d38b916749cd65a9741fceb017a0957b479f129437e52e

SHA512
aa5d98b53311cea0b11b0490d83e3f9fcabf627168fe7d2c8c5bf27846e01453db5ba580a5f2573bc064b517793c8f5655f7df16e02a6c7f6412bf6d1f6321d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe

Filesize
468KB

MD5
e26d8bd03549124d9b7c2210017dd970

SHA1
e4e1a64b1b3d1b75086f1655f37240c3e7c92964

SHA256
cae278066c9ac5cbd9fadd77142b73fae29377d8e9a1b2001abc373b39b58ba3

SHA512
67b0af3b4c4bee0c3eaa082fd090d7b3144f3a7abe1f5c392fcd9efb99cae59a011bd08ca2cbbcfd5bebacfcaac3a68b942a4643001c8594801d8204e7b8d2c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe

Filesize
468KB

MD5
ba950670e26d7b8ef4a130b159c1eb38

SHA1
b759215de5c1aabdd6623d8295d7d1b65e4807f5

SHA256
23ad79a9203d369ba203975468a2e422ae9670d0df43bece0b1eb7a3aa0e427d

SHA512
335402fa301de597d304c263118c972b161f4c5382bce4bd456202c02378b2160aa184392e3928de2db6c08513672a2a5f9892ce4136d6a6f97a4773a74abfd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe

Filesize
468KB

MD5
a84705af2cd9d4e2fa2a0a1a6e2e66e9

SHA1
8f9f80b8ac647df7ad49a25099a4310879b5875e

SHA256
395e85a60e88d4a105e426768e4f008faa0d372dc59338b6010bad8c2111ca0e

SHA512
34c3e1ed95e97b56935204dd16efd50117725c1a9ce284111b74111f68204f954d9f359939fcf45af137a28bb0fd9f6dc885534b7126103e73ca980cf791aba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe

Filesize
468KB

MD5
f808062ee3ca73356ffb566d65650e12

SHA1
879d27bc1dfd7a9010f34dd7411f553708f388bd

SHA256
5cca9fabbdb382f97c229e0165bb618b847ec5757e8fce76538ffad7f8c6933a

SHA512
474c24a5ca97b8392143d06f816179278e945f56475397c3b47ad10f1563b08546357bb6d92d078c6e92fb0263ba8c057038685fd3ba1c793249df80f23e8623

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe

Filesize
468KB

MD5
6123c140356e8339d3f11ceb2c1574c2

SHA1
1ff7cbfbb72dca2563891fcc51f4c8cb9a97fb77

SHA256
881902a908acc57bbdd8c7a1b3e541295a7270c22efabe6c1fe6742b55c45e11

SHA512
82f889f1bdcf31f7236fd548096979037c5a189fd41c394e6ce42b5de17ee085b0cd3eb146d322b759acca515bebd074db445692a96f8418b407cc5e74f4fbb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63486.exe

Filesize
468KB

MD5
923c5f355de095b55b86ea4cebdf2c3a

SHA1
14104fa2ada871757de30dff98ef678b9cdde55f

SHA256
1b80cfc6fe373ea6743799ba1939e87ffb32411464992d7827bfff2fa1ffe9f8

SHA512
253a36feb024f20ff33c274158c8629497bb88b5e78110c269d8d7d4d6dd4e77838bc476137b8405b784dd09a8dac3c9500971658277d935b655103a1b67a13b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe

Filesize
468KB

MD5
9104f1e50bdbcf16d3d43305457f435f

SHA1
05aac1e5476f9f2646c08cc6de33eab6e2603bdf

SHA256
0cf37c6824ea99dc9e5c7192f07df6e32707a117bbf4ab4a5647e0567fbcdb8d

SHA512
5e40dc7488df3698c9840657adaca65f73c0f7d7cf5ad82efa5e45d29a449fb0365addbe3dcdbde1b143c6a2bb062e5771effd1f89362568fdaa7ce00bd77268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe

Filesize
468KB

MD5
4f8e569369c2e623a385fb2ed5041cf4

SHA1
24c7e60a4e4d09f59eb86f97119828a54b0ae0cd

SHA256
d0c19a79863922c489c3dcf10eb4c9adabbd0888d857a8dd6b43aff12c0b4483

SHA512
3598ff47b7c97c6dda0bcba630def61aae62825676d88d703b683e91208393867ff555732f742ed17aac28b804ce70b3964fca1e9aa0274cd21ccf109f11d837

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe

Filesize
468KB

MD5
b21fa072be9eb0e04bb81fc73c1da54c

SHA1
18737de6a92c4e0ddaf247778d5f51418cbd2375

SHA256
bcda924b57e8f07d17b0215ebedda884f1eb54f9a700a29efd162cf7be855b9f

SHA512
2efe493a3b0c336606deb450c9d4d7618ded2da90a6a195ab948d362bb5553c991dc5cc7902557562a2bdd2a73ee19445c131280ab07b09b216cca13aae5cd68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe

Filesize
468KB

MD5
1793ae901b67738cf03b6d056fcdde5d

SHA1
adac24b0f9b01a4440eb6548928577dac7296793

SHA256
2ed3b9c489a3d26666fd3c347a9a039f95e42c32b9957ae9779b0f3977cc067f

SHA512
d8db080432896de2e73b682d5eb3b68be765776241d15b7c1c68ed43c4c52af82dd9be4fffecd993f8d1b9ed70cc3406e855b2e5922d99a988cef1fd43b86a83

Download Submit
memory/216-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/404-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/636-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/652-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/720-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/736-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/748-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/784-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/840-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/860-472-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1048-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1052-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1100-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1228-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1256-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1260-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1544-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1552-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1668-155-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1720-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1724-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1952-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2028-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2132-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2200-134-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2392-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2428-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2488-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2612-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2664-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-2477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2956-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2960-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2972-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3096-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3376-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3388-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3448-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3524-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3544-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3616-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3668-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3724-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3728-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3784-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3952-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3956-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4144-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4156-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4184-30-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4212-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4228-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4392-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4520-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4536-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4540-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4576-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4580-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4636-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4696-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4792-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4856-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4872-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4908-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5064-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5096-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5172-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5212-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5236-538-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5248-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5280-537-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5300-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5388-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5420-559-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5452-562-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5468-563-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5928-2415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13664-2414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads