688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833

Analysis

max time kernel
119s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe
Size

468KB
MD5

a9e9b8aaf62832b97ddf70b468d62260
SHA1

9a14b6ab60411450a376c97f7acd60458a9bb5b5
SHA256

688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833
SHA512

e2f651a21a3866cf8db702e9fb3284e92b5094d65ee3b9f37b09df8847affe5c5f146757000d45f7acd3196163b12189f49022fcec657923321dff8311113099
SSDEEP

3072:pq0RogFdjY8U2bxUPzsWff5kC9TWEpXkmHevVpfnt4CQ3zha4tblC:pqyoq1U22PQWffEIunt4Cu1a4t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4292	Unicorn-46229.exe
556	Unicorn-45845.exe
1316	Unicorn-58844.exe
3592	Unicorn-30786.exe
4016	Unicorn-56451.exe
4844	Unicorn-42715.exe
4112	Unicorn-39643.exe
4476	Unicorn-48565.exe
1796	Unicorn-11787.exe
4884	Unicorn-25522.exe
2024	Unicorn-31388.exe
5000	Unicorn-44738.exe
3444	Unicorn-56371.exe
2596	Unicorn-58396.exe
5060	Unicorn-58396.exe
3908	Unicorn-30597.exe
1780	Unicorn-40995.exe
3644	Unicorn-48194.exe
5072	Unicorn-43019.exe
4548	Unicorn-62885.exe
3812	Unicorn-54147.exe
2080	Unicorn-62812.exe
5048	Unicorn-30213.exe
724	Unicorn-63477.exe
4324	Unicorn-26699.exe
4416	Unicorn-46300.exe
4064	Unicorn-32341.exe
4976	Unicorn-32341.exe
1228	Unicorn-9874.exe
4636	Unicorn-59075.exe
2268	Unicorn-31189.exe
888	Unicorn-13627.exe
4600	Unicorn-628.exe
3456	Unicorn-27855.exe
4400	Unicorn-2548.exe
4132	Unicorn-18309.exe
2800	Unicorn-18309.exe
1044	Unicorn-1972.exe
1928	Unicorn-50908.exe
4168	Unicorn-47836.exe
3104	Unicorn-2164.exe
5052	Unicorn-50597.exe
1568	Unicorn-8795.exe
2356	Unicorn-47260.exe
3572	Unicorn-14395.exe
2204	Unicorn-25330.exe
1076	Unicorn-40539.exe
2348	Unicorn-61557.exe
4620	Unicorn-28117.exe
3056	Unicorn-41307.exe
4644	Unicorn-18709.exe
4552	Unicorn-13647.exe
4864	Unicorn-51573.exe
4256	Unicorn-42643.exe
1428	Unicorn-31131.exe
3824	Unicorn-50997.exe
3172	Unicorn-19394.exe
2680	Unicorn-17483.exe
3576	Unicorn-17483.exe
4996	Unicorn-17941.exe
2624	Unicorn-30363.exe
4624	Unicorn-50229.exe
5088	Unicorn-27762.exe
5108	Unicorn-52917.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
64	12448	WerFault.exe	594
6668	14620	WerFault.exe	733

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-388.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2328	dwm.exe
Token: SeChangeNotifyPrivilege	2328	dwm.exe
Token: 33	2328	dwm.exe
Token: SeIncBasePriorityPrivilege	2328	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe
4292	Unicorn-46229.exe
1316	Unicorn-58844.exe
556	Unicorn-45845.exe
3592	Unicorn-30786.exe
4016	Unicorn-56451.exe
4844	Unicorn-42715.exe
4112	Unicorn-39643.exe
1796	Unicorn-11787.exe
4884	Unicorn-25522.exe
4476	Unicorn-48565.exe
2024	Unicorn-31388.exe
5000	Unicorn-44738.exe
3444	Unicorn-56371.exe
2596	Unicorn-58396.exe
5060	Unicorn-58396.exe
3908	Unicorn-30597.exe
3644	Unicorn-48194.exe
1780	Unicorn-40995.exe
5072	Unicorn-43019.exe
2080	Unicorn-62812.exe
5048	Unicorn-30213.exe
3812	Unicorn-54147.exe
4548	Unicorn-62885.exe
724	Unicorn-63477.exe
4416	Unicorn-46300.exe
4324	Unicorn-26699.exe
1228	Unicorn-9874.exe
4636	Unicorn-59075.exe
4976	Unicorn-32341.exe
4064	Unicorn-32341.exe
2268	Unicorn-31189.exe
888	Unicorn-13627.exe
4600	Unicorn-628.exe
3456	Unicorn-27855.exe
4400	Unicorn-2548.exe
2800	Unicorn-18309.exe
4132	Unicorn-18309.exe
1044	Unicorn-1972.exe
1928	Unicorn-50908.exe
4168	Unicorn-47836.exe
5052	Unicorn-50597.exe
1568	Unicorn-8795.exe
2204	Unicorn-25330.exe
3572	Unicorn-14395.exe
3104	Unicorn-2164.exe
2356	Unicorn-47260.exe
1076	Unicorn-40539.exe
2348	Unicorn-61557.exe
4620	Unicorn-28117.exe
3056	Unicorn-41307.exe
4644	Unicorn-18709.exe
1428	Unicorn-31131.exe
4552	Unicorn-13647.exe
4256	Unicorn-42643.exe
4864	Unicorn-51573.exe
3824	Unicorn-50997.exe
3172	Unicorn-19394.exe
3576	Unicorn-17483.exe
2680	Unicorn-17483.exe
4996	Unicorn-17941.exe
5088	Unicorn-27762.exe
2624	Unicorn-30363.exe
4624	Unicorn-50229.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 4292	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	82
PID 4456 wrote to memory of 4292	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	82
PID 4456 wrote to memory of 4292	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	82
PID 4292 wrote to memory of 556	4292	Unicorn-46229.exe	83
PID 4292 wrote to memory of 556	4292	Unicorn-46229.exe	83
PID 4292 wrote to memory of 556	4292	Unicorn-46229.exe	83
PID 4456 wrote to memory of 1316	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	84
PID 4456 wrote to memory of 1316	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	84
PID 4456 wrote to memory of 1316	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	84
PID 1316 wrote to memory of 3592	1316	Unicorn-58844.exe	85
PID 1316 wrote to memory of 3592	1316	Unicorn-58844.exe	85
PID 1316 wrote to memory of 3592	1316	Unicorn-58844.exe	85
PID 4292 wrote to memory of 4844	4292	Unicorn-46229.exe	86
PID 4292 wrote to memory of 4844	4292	Unicorn-46229.exe	86
PID 4292 wrote to memory of 4844	4292	Unicorn-46229.exe	86
PID 4456 wrote to memory of 4016	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	87
PID 4456 wrote to memory of 4016	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	87
PID 4456 wrote to memory of 4016	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	87
PID 556 wrote to memory of 4112	556	Unicorn-45845.exe	92
PID 556 wrote to memory of 4112	556	Unicorn-45845.exe	92
PID 556 wrote to memory of 4112	556	Unicorn-45845.exe	92
PID 4016 wrote to memory of 4476	4016	Unicorn-56451.exe	93
PID 4016 wrote to memory of 4476	4016	Unicorn-56451.exe	93
PID 4016 wrote to memory of 4476	4016	Unicorn-56451.exe	93
PID 1316 wrote to memory of 1796	1316	Unicorn-58844.exe	94
PID 1316 wrote to memory of 1796	1316	Unicorn-58844.exe	94
PID 1316 wrote to memory of 1796	1316	Unicorn-58844.exe	94
PID 4456 wrote to memory of 2024	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	96
PID 4456 wrote to memory of 2024	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	96
PID 4456 wrote to memory of 2024	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	96
PID 4292 wrote to memory of 4884	4292	Unicorn-46229.exe	95
PID 4292 wrote to memory of 4884	4292	Unicorn-46229.exe	95
PID 4292 wrote to memory of 4884	4292	Unicorn-46229.exe	95
PID 4112 wrote to memory of 5000	4112	Unicorn-39643.exe	98
PID 4112 wrote to memory of 5000	4112	Unicorn-39643.exe	98
PID 4112 wrote to memory of 5000	4112	Unicorn-39643.exe	98
PID 556 wrote to memory of 3444	556	Unicorn-45845.exe	99
PID 556 wrote to memory of 3444	556	Unicorn-45845.exe	99
PID 556 wrote to memory of 3444	556	Unicorn-45845.exe	99
PID 3592 wrote to memory of 5060	3592	Unicorn-30786.exe	101
PID 4844 wrote to memory of 2596	4844	Unicorn-42715.exe	100
PID 3592 wrote to memory of 5060	3592	Unicorn-30786.exe	101
PID 3592 wrote to memory of 5060	3592	Unicorn-30786.exe	101
PID 4844 wrote to memory of 2596	4844	Unicorn-42715.exe	100
PID 4844 wrote to memory of 2596	4844	Unicorn-42715.exe	100
PID 1796 wrote to memory of 3908	1796	Unicorn-11787.exe	102
PID 1796 wrote to memory of 3908	1796	Unicorn-11787.exe	102
PID 1796 wrote to memory of 3908	1796	Unicorn-11787.exe	102
PID 1316 wrote to memory of 1780	1316	Unicorn-58844.exe	103
PID 1316 wrote to memory of 1780	1316	Unicorn-58844.exe	103
PID 1316 wrote to memory of 1780	1316	Unicorn-58844.exe	103
PID 4476 wrote to memory of 3644	4476	Unicorn-48565.exe	104
PID 4476 wrote to memory of 3644	4476	Unicorn-48565.exe	104
PID 4476 wrote to memory of 3644	4476	Unicorn-48565.exe	104
PID 4016 wrote to memory of 5072	4016	Unicorn-56451.exe	105
PID 4016 wrote to memory of 5072	4016	Unicorn-56451.exe	105
PID 4016 wrote to memory of 5072	4016	Unicorn-56451.exe	105
PID 2024 wrote to memory of 4548	2024	Unicorn-31388.exe	106
PID 2024 wrote to memory of 4548	2024	Unicorn-31388.exe	106
PID 2024 wrote to memory of 4548	2024	Unicorn-31388.exe	106
PID 4884 wrote to memory of 5048	4884	Unicorn-25522.exe	107
PID 4884 wrote to memory of 5048	4884	Unicorn-25522.exe	107
PID 4884 wrote to memory of 5048	4884	Unicorn-25522.exe	107
PID 4456 wrote to memory of 3812	4456	688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe	108

C:\Users\Admin\AppData\Local\Temp\688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe
"C:\Users\Admin\AppData\Local\Temp\688ced4db6b38006adcfd59dfbc4d64e56cfb8ca0b555c952712896f113bd833N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        10⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3016.exe
        10⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        10⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        9⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        9⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        9⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        9⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        9⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        8⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        8⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        9⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        9⤵
        
        PID:17748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8440.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        7⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        8⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37110.exe
        7⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        10⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        9⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
        9⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        9⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        8⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        8⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        9⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17451.exe
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        7⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        7⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        7⤵
        
        PID:18416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        7⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        6⤵
        
        PID:10600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        6⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        9⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        8⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        8⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        8⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        7⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        8⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        9⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        9⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        8⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        8⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        8⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        8⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        7⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        7⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        8⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        8⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47867.exe
        7⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        6⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        9⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        8⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        8⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
        7⤵
        
        PID:15508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        7⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26832.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
        5⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        7⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        7⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
        6⤵
        
        PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        5⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        5⤵
        
        PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        8⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
        9⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        8⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        8⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        9⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
        9⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
        7⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-597.exe
        7⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        8⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        7⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        7⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        6⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        7⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        7⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        9⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22897.exe
        9⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        8⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        7⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        7⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        6⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        7⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        7⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6746.exe
        6⤵
        
        PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        6⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        5⤵
        
        PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        6⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1473.exe
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        7⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        7⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        6⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38357.exe
        7⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        6⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29419.exe
        6⤵
        
        PID:17580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        5⤵
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49077.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
        7⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        6⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        6⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        6⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        5⤵
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
      4⤵
      PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
      4⤵
      PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
      4⤵
      PID:16168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        9⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        9⤵
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        8⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        8⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        7⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5613.exe
        8⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        7⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        6⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        7⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        6⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31131.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-388.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        8⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        8⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        8⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
        6⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54885.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
        7⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        6⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
        5⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        6⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        6⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        5⤵
        
        PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        7⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        7⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        7⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        6⤵
        
        PID:14160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        5⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        5⤵
        
        PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32728.exe
        6⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        6⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45189.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        6⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
        5⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        6⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
      4⤵
      PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
      4⤵
      PID:15568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        6⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        8⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        9⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        8⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        7⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        7⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54381.exe
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        7⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        7⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12448 -s 460
        8⤵
        Program crash
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        6⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        6⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        5⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        5⤵
        
        PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
        5⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        6⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        8⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48777.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
        8⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        7⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57436.exe
        7⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
        6⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        7⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        6⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61250.exe
        6⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
        7⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        6⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
      4⤵
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        6⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        5⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
        5⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        5⤵
        
        PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
      4⤵
      PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31128.exe
      4⤵
      PID:14416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
      4⤵
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        7⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29371.exe
        6⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        6⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
        7⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        6⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        5⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        5⤵
        
        PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
      4⤵
      PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        7⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        6⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        5⤵
        
        PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
      4⤵
      PID:11272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
      4⤵
      PID:16600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
      4⤵
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
        7⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
        5⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
        6⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        5⤵
        
        PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        5⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        6⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
      4⤵
      PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        5⤵
        
        PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
      4⤵
      PID:16020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
    3⤵
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        5⤵
        
        PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
      4⤵
      PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
      4⤵
      PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
    3⤵
    PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
      4⤵
      PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
      4⤵
      PID:6800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
    3⤵
    PID:8940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
    3⤵
    PID:14072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
    3⤵
    PID:17432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        9⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        10⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        9⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        9⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        8⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        7⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        7⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        6⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        8⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        9⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        8⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        7⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4596.exe
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        7⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
        6⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64976.exe
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        6⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        7⤵
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        6⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11372.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        8⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23228.exe
        7⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
        7⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        7⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        6⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        7⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        7⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        5⤵
        
        PID:12608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        7⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
        6⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        6⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        7⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
        5⤵
        
        PID:16864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        5⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        5⤵
        
        PID:14620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14620 -s 492
        6⤵
        Program crash
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        5⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        5⤵
        
        PID:18332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
      4⤵
      PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45189.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38357.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        8⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        8⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        8⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        7⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4500.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        7⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        7⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        6⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        6⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        7⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        5⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        5⤵
        
        PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13627.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        8⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        8⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
        7⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        7⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
        6⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        6⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        8⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
        7⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        6⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        5⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
        5⤵
        
        PID:17740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        6⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        5⤵
        
        PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        5⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        6⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        6⤵
        
        PID:17648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        5⤵
        
        PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
      4⤵
      PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      4⤵
      PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40995.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        8⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11510.exe
        7⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        6⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        6⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        7⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        5⤵
        
        PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
      4⤵
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
        7⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        8⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        7⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        6⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        6⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
        6⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        5⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        6⤵
        
        PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        5⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
        5⤵
        
        PID:18356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
      4⤵
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        6⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16712.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
      4⤵
      PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        5⤵
        
        PID:348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
      4⤵
      PID:13824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
      4⤵
      PID:16768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      4⤵
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        6⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25466.exe
        6⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
        6⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50937.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        5⤵
        
        PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        5⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        5⤵
        
        PID:15156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29058.exe
      4⤵
      PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
      4⤵
      PID:11668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
    3⤵
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        6⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
        5⤵
        
        PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
      4⤵
      PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
        5⤵
        
        PID:13912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        5⤵
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      4⤵
      PID:12812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
      4⤵
      PID:16252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
    3⤵
    PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
      4⤵
      PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        5⤵
        
        PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57865.exe
      4⤵
      PID:12304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
    3⤵
    PID:9804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48194.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        6⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49669.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        8⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        9⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        7⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51976.exe
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        6⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        5⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        7⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        7⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        5⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
        6⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19685.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        9⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
        8⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        8⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        7⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
        6⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
        5⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
        5⤵
        
        PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        6⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        6⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
      4⤵
      PID:8644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        5⤵
        Executes dropped EXE
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1473.exe
        8⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        7⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        7⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        5⤵
        
        PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        7⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        7⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        6⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        5⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        6⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        5⤵
        
        PID:15912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31234.exe
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        5⤵
        
        PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
      4⤵
      PID:15316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
      4⤵
      PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
      4⤵
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        7⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        7⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        6⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        5⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        6⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        5⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        5⤵
        
        PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        5⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22020.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        5⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
      4⤵
      PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        5⤵
        
        PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
      4⤵
      PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
      4⤵
      PID:15664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19595.exe
    3⤵
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
        6⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        6⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        5⤵
        
        PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
      4⤵
      PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        5⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        5⤵
        
        PID:18348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      4⤵
      PID:12820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
    3⤵
    PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
      4⤵
      PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
      4⤵
      PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
    3⤵
    PID:7900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
    3⤵
    PID:5704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38117.exe
        5⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        7⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        7⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        7⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        6⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        6⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        5⤵
        
        PID:17640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
      4⤵
      PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        6⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
        6⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        5⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        6⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        5⤵
        
        PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57865.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
      4⤵
      PID:14724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
      4⤵
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        6⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        5⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        6⤵
        
        PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
      4⤵
      PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        5⤵
        
        PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
      4⤵
      PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
      4⤵
      PID:18424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
    3⤵
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
      4⤵
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        5⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        6⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe
        5⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        5⤵
        
        PID:17392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
      4⤵
      PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
      4⤵
      PID:7924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
    3⤵
    PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
      4⤵
      PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
      4⤵
      PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
      4⤵
      PID:18388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18578.exe
    3⤵
    PID:9228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64113.exe
    3⤵
    PID:12500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
    3⤵
    PID:3460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41484.exe
        6⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
        5⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        6⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13860.exe
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        6⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50937.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        5⤵
        
        PID:8844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
      4⤵
      PID:756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
    3⤵
    PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        5⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        6⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50937.exe
        5⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        5⤵
        
        PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
      4⤵
      PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        5⤵
        
        PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
      4⤵
      PID:5760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
    3⤵
    PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
      4⤵
      PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        5⤵
        
        PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
      4⤵
      PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
      4⤵
      PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
      4⤵
      PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
    3⤵
    PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
      4⤵
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
    3⤵
    PID:13224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16588.exe
    3⤵
    PID:5764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        5⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
      4⤵
      PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
      4⤵
      PID:6008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
    3⤵
    PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
      4⤵
      PID:6944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
    3⤵
    PID:10268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34421.exe
    3⤵
    PID:3664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
    3⤵
    PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
      4⤵
      PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
      4⤵
      PID:17404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
    3⤵
    PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
      4⤵
      PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
      4⤵
      PID:15604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
    3⤵
    PID:12836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
    3⤵
    PID:15720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
    3⤵
    PID:8092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
    3⤵
    PID:11688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
    3⤵
    PID:16240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
  2⤵
  PID:8680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
    3⤵
    PID:14308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
    3⤵
    PID:7884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
  2⤵
  PID:14248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
  2⤵
  PID:5232

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe

Filesize
468KB

MD5
72e4025bb95abfa89eaa7ebc7ac33896

SHA1
d76783e13028ff64cfda2ecbbee253f27dece3c6

SHA256
54dac7dbc846337f53b9bda58374de64bb12905d14cee35f47c81f214ba99bc0

SHA512
6af0ab21f92085fd191847150de810d0aa21290cc4521b8f53f309b8068de9bee9093c0443af6eada216aa941c61a594226d3a34391626f86e9fc3510dfc371c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13627.exe

Filesize
468KB

MD5
29f83da54c9676f1820a947ad653b618

SHA1
3b26619bb5c1bc113e511869a778f155186cdaea

SHA256
39603b04682d7d803d2d530ccfe709648400db92f0ff8dfcbc14a889fb7479ee

SHA512
f241cb0da9465c69aad9defa597aef03332e5e9df20400208ec5285353b3b7c5c288a689b44fd6343713c8d4aa1b26d8518e18f0bb59197b9480df88599408fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe

Filesize
468KB

MD5
24de4b2e2fbc121c6696a6dc0254f416

SHA1
7a7e46fccf74e3e9b23229c956eab7d3a99078c8

SHA256
750626c6efdd19c2a29231f5418520080639ae84a9bd8baaba1e960d27e27c97

SHA512
e59a3f367cdb02ebb4744f5b0cc526c480f8889ca9c507a5adee7f45370bf2c34560113b04368504d25a1840ce378e75142aa548810f488a6b3282e59320c6ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe

Filesize
468KB

MD5
00b110d568ac1e3517c50dd2d4ca7d29

SHA1
dafb3166031fe0f50f4bf352e2cdee12133228df

SHA256
9e4cd37eb864a7ade9834dcc580c7882f9a31d6cef8fabf8166f355d8ce57f92

SHA512
48d872f0568ae2b4cfa485317c97d87c83408c1fbaf868292015c3712b2c030ac4a8c1b605a814ce32f20788640caf52752a88c8be0525bbf15a1d5dc4684f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe

Filesize
468KB

MD5
ede3436451ab4bc73a75a3ba21d1d11a

SHA1
30d1135092097a42b1a406e2aff99493a2997d15

SHA256
185e0d6aa788ed0e7d633ad433422c82fc25f2a4590105302738079c1515f6a1

SHA512
90b86844a383f95809c120f741ea9ceec0ce792d7e0ffc90c0f797964049d9e992fde4660dbe7da8d13e20cd0c438ba0f4b2318c7940f98b021fa84d80acdf82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe

Filesize
468KB

MD5
6a746789bacb90319a0842497e35b9e9

SHA1
5a0410fdb1bbd7f4ee8247d9b508f16833c59df7

SHA256
ff19d6da3fd76c9870566b2c24b9e9c30eb85318533bdb5a2e557a8015950e44

SHA512
297cd0e497962ef2991157b46584f8a2055e1f4402accffbed51fbf19760e08b210a7fd08fa9c0eeeccb6a1003b8ed5629ed928fbc347bf20db4f3bf0f217747

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe

Filesize
468KB

MD5
d191c8ffc71a82914cf792f9d5e574a0

SHA1
ac553f953e9a813ab50295e14629f1fefe2688ee

SHA256
cb314ed50bdaffdbafcc686dd15759650e8af8b09762aa0ce7161a16d11c1d87

SHA512
c0d7744132713f26c591b0e2a0ae5bf61197df96ceb275b65fe6cf29e372a2e64a620975b77107c190ee37f2349f938e0b407e44e578ed6b124619e24bfc0ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe

Filesize
468KB

MD5
fce3b12031beb9563bcb5770722f7614

SHA1
000e1977efac6e4dce04bb18bdf6931597888a82

SHA256
59a2d93d44face58901097c7db190a07c715e470a0adb3047a189408c8d31756

SHA512
3e294b5b2ed2e863fc7365a6ecdff19ba87c04f8f5cd53254d26262cfb8eaae4d364f2652f5645d8cb86646e584c2c863fc87df0bb8128a32c3b8965d1f400fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe

Filesize
468KB

MD5
0223390831fd79bba9499785c5b21b6a

SHA1
85e3156be97722276a6ff5bbd4e887278ca2fe60

SHA256
0781d029f1319c46b1f029ff5be9ae1dc484af8e6b74487f18aa24185c08294a

SHA512
a3be587277ac7b28955000cb48dbbaee010304f4000efb5a058b7109fabd1ae61ab8811abc6a29e8142d5fa0f9585a4a4cf17fde428709f783fbcef28db3a3d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe

Filesize
468KB

MD5
981acd4f3d6a2ae867a9cb225d8ec912

SHA1
a113b606a0ef967a0424a7e22a53c242f02c5ee8

SHA256
7527339ee246c01e0671f319060927667aaad49020349fbe86c64dee7c89d423

SHA512
88fd60056f88f3ea377724ebf0b3b3012327b766ba6643c19a5c8d4e7da7d75e2165aaf7bd9de617a5c13d4c561c577a23cc246c6c6f712176499e57ea0fdff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe

Filesize
468KB

MD5
dd43f9c4616715a25a6f27b25e63d92e

SHA1
61634b434c8e8b1d22560f4ad06da5ee07fe5421

SHA256
1d989b23318e47f9f3a9b3af6c4a9da02490db5e0f54812ca88dc90bed8ed6d6

SHA512
eabcbdfd44310306b8650635a21149f0724a3c5e2f4e8937166128fd0e1b51acbd1b91d19d56c3322fd4ede7733e4ece598a0e4de40b244d9361d6b118f4a244

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40995.exe

Filesize
468KB

MD5
80e1844b0d7806266a7fa7cd5145dd8a

SHA1
03f43eaa5cc06d4e35daf55ec378a697e0a3b607

SHA256
4d5ce506f0f8951916e267440f2fd048ff9d5f2f537e29dff4120cd65c69cec3

SHA512
9fffcfae30af0e4f347068445aa37e619550c536aab104bb24161e3c9bba09359949b6ce8d56d7fe1bf251c90834c88c3733e37bd6052d5faf6ed6ca024a41d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42715.exe

Filesize
468KB

MD5
24acb279fb96db6fae787bd4fcc0333b

SHA1
1f5fdc209e58d5e5aa04570834345bf312306304

SHA256
f64fbf97d479d733b21762facb196657432c734f48d5d553f4a1c250659ec57a

SHA512
a68b2e4a8e5561683bd64d521323e91a36ebe0ae07840836a35dff6a6672312d332cac7d43131a8a4bc21c4b4a99d63e1325232978d115a3dfed863f75c21e3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe

Filesize
468KB

MD5
8ad83bdda799965f50bfd86b800e3746

SHA1
8d3a7033b13976f4219bc08c4cb2fe9485297d7f

SHA256
2a1d4c033c9f2b2ad8738c35cc589cf9125c15c7d0ca2027d5e2f0abc1d70325

SHA512
071a04a5d9ba9b1887e2d74dc9bdd59841b3d65e48e59f00bc966683250bc24e711dbd1a23a187d064673dc880a48ffa6147fb5d76ee051f244ec85ea7fe4480

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe

Filesize
468KB

MD5
0fb91895674c6dffafc86195408a101c

SHA1
1e66c6702a4e52ce88eb41444c61570ce8c16033

SHA256
acac8a97aa26af6836517f1f2b1f7e22446bb39a15281e4508412069b1e58b9a

SHA512
8a021c33ac34c05858531a23ce59d402b6723debf07c77917bc4de380c1ada3bf43a50b94f70d13d3da34f10ecb0c17ea2a17a50dba287410d7bb1c04bf68307

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe

Filesize
468KB

MD5
dc336db71f5609d89fbe79efa5e82c23

SHA1
9c890568738bb285ca9f02f53359c57a9a95241d

SHA256
88e91f758034044584c5fc746d31b70d166985983fd43f4ded100d26f10719da

SHA512
21adca995a2ab1c0b655b4c160a22c71ac73970565d75eced3bc8d0ea0e202dda694c1bf23887395debc430efc3ed8a33cf982818a974da7160cbb4bb7520e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe

Filesize
468KB

MD5
4301496a938053b1f4824feb8f30dd22

SHA1
30f5457e3fde530942e8c967cd911f6380630564

SHA256
c49d08ef29b4eb61c9209cac1f121f7886ded2cba5ba6cb9bbfe7e2bffc528e1

SHA512
2858d63df5b339d20c6c847a8843b6f922c99620a06beff93688511e3cbca4ad92c3c376d6b7fb1d64cc3b7d707cd5d139523976a230fe8353b8144adcde0322

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe

Filesize
468KB

MD5
eb28d938d39df599416b3eb467afe5ec

SHA1
3b743ee595782fa26005fd19e05b4dc00c779ac2

SHA256
4e89f2408317cf29eaec96830ac29c4a72e1938decc7ca40e3f98a34540c35a4

SHA512
f6b6f33aa20fb35954c9c3b0c357d3cad6ba40442af26656f0a1dcd78e897693f01313dff9b452e2dfec63eb69de886ad026ed03c703b3feed678f3f34886dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48194.exe

Filesize
468KB

MD5
372579744faa293923277f0b4509e20a

SHA1
9e11b6daf4c16367440203deb500cfd783ff875d

SHA256
516a36f76fc56e807803c28c43b7bee4a45524d205a08719b0e7672b4f333426

SHA512
9e2826b299213670dd1bfe955bbf3cb888c5c44a8c5fb2990e0b193750af88bc8ee9281dabc2a3d9b42a5f4c5d945ede4f6edfb239c4e42059a8466b5dc950b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe

Filesize
468KB

MD5
0159b2c1fe95e928a5441196d128d7ca

SHA1
618d3408a622effefc02f6fee7d3fc18bc3671df

SHA256
69db4ff083e064153ae84c5658a1cca742ceca658b54c55eeab34272a2e6ea18

SHA512
508cf23400f5eff545f9ef2ca08ccb76e03dc073e774506e9d9f03e9a96453fd94fac9a5774dfac8f5f8e09b22c1aabad8467611610dbaa46d545c862da51684

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe

Filesize
468KB

MD5
9b553304f196192e033cde70cd74eefa

SHA1
a0af6f126c0f3ad28840adc1b26a95498baa9a74

SHA256
2f89eca4ce0400d49bd9a926342567bacd169ed33a0db16515d0224d3e5fdcdd

SHA512
8558f9cc91600527d38a42e8ab9bded6d91e056e65dfdf2875f22c77bb351f7c8c8df780999f05efb10743f7a3f5827b82a37c1a44a710b089ea1d64aedc57d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe

Filesize
468KB

MD5
70bf84998dc82282950969401c669fa6

SHA1
3dbdb57a72764fd79b0b2fe5f62a793aa7a9bfc8

SHA256
6366a99c1ab57180877364fdccbe2839825fccea0be826ae81a7972db0015d2a

SHA512
86a7357e17e837cf122dd1972ca1d3136179f0b36f30048320831d55285feb56ff52ee47343a1338e3b8749c1ba50bdcbcae29f3d7bdb1beef93c876fca06777

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe

Filesize
468KB

MD5
d7cb727b6f08dad1353d3fea7bf6320c

SHA1
2ea6efe3b97bb83c2b312aa103bba130f4671e0a

SHA256
1c467590b6f8a7c58bc7a3e8abe2e5dc7be3122b0ad4236bb1eb856a095efa3a

SHA512
75798075c58246de5181bc8d37bb7e374768aadaa1dd18f8765978f994093efbbb1a78ef81bff7ebfcf690197b92bc7f2ebdb73a79e7fc84c20603b6a2fd489f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe

Filesize
468KB

MD5
e4f37ca01b2d58d53eedb383b57e7193

SHA1
fc35f0fee5230e0284c30c34e88081600e3128c1

SHA256
72770d2fda9430919ffa54734b493a10a201b26e15e05fefbed1391537af7003

SHA512
f70e846b4669747490f1f618fdeeb37192718edae338dd3bcd4bb06d179b795dd52a15bae0a93fa7a31b1f688a3b85567f8552d9116adfab557e53adba2ba760

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe

Filesize
468KB

MD5
85b7abb8b954fd98864448e3c3c6a4da

SHA1
e6aae8a8373cee97882ee8ee46f3bd74ad83f84a

SHA256
4561fd9dcc9f8a589ae859403fdae20621cbe8c0c60b28563d8610dd078adf27

SHA512
0e575007012f7e1869c65c3e9726f371382450fabe36854e3ca0dcce0d1c164556f52328caed38ef1a3803760fbaf20451e775ee9eb313f590a6f2c72c93bc24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe

Filesize
468KB

MD5
c542a17326cec59ba40dd7fb02a37cb7

SHA1
ad59761832aef842b8aca9bac71eb6bb4e1f510d

SHA256
b6774d1529fcc87bdda4167c949df30b59fb4e01090503844310eff1ec09fea3

SHA512
7448510ae615b0d8f82f737983cd1b18d61ae2796e98b248cfd8a804ac59b410a73ab1180769c4ef8a351f1753fcd47e40b12a99ec457309a160380977639b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59075.exe

Filesize
468KB

MD5
faf28ffb7e129d5ff792a84900597329

SHA1
6930cf98059e9aa89dc167ffade7887952be9a6c

SHA256
ff38174788bc4ac086dbf90d36ec43b3e3034f4b30019331162f1347979e2121

SHA512
877a61c80cdc2d72188253c2d8940ad11c726e0042002500d406fb469f2808a6791cef44d73e621f1e7e29434b3fe0aea8b2617c701b8e0acf841802eba5fce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe

Filesize
468KB

MD5
b5d9e6359b2952a5be47c614a484be5e

SHA1
69b760adfc44ed878da2c403c6d61c947fd61f40

SHA256
32ae416026ce8370e4f5090b4afd26902500b19c23738526b3309818ffc496a4

SHA512
bdd1353a65141c49f59d8e1e4a4966318636dc7407ebbca0c39edb85d1b72b766132cf745b510078a0620c058304e7a633b1dc12e572a2198eef5d72bfa8299d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe

Filesize
468KB

MD5
faf546176e38a12b44c99a134eef51fa

SHA1
39711b1c271b9f3288b7a8c60f98b883f03430e3

SHA256
d8405077d9505a93c682966c9a145123b5dca67e3b171d94389c4fe10c3b65e3

SHA512
343a722d56a92d1639ca32d8f114c3920b8c2843a4976dd429308e6bf48ebcc3096d7d6949583460a0c702216f5f6c6c52e80feeb5a47719b660dd4a2569d9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe

Filesize
468KB

MD5
86be39b79a1658ebb3909fbf12a85a6c

SHA1
44f599d281b7c57cbf7c3f79561b5f43c6db05b2

SHA256
3b57072ab4089ed698c26cceb6f8cf2c34789cc7c75799727ad2fb83debc3d9d

SHA512
7db4be3acb6f83be55e723f67bacdbe10f65a45e712a85d7e96d2e66efbb23829ee1ed4ce42f1959c1b5a26022500dced1a34d1f6f83ce601d83894b75a2e5bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe

Filesize
468KB

MD5
469e478f219877ff634437c8e3b2ac0a

SHA1
992059cbcfdda6755e07c6ba7440702b5a548217

SHA256
d2c6075ce84eec7274147dee88b3b9ddf7aa83bbb41cca0a0006b2a19cebb55c

SHA512
418a45ef722c1a93f4986f28e22d051886b3bc04fdba1a781909d24833b9add10cef9acfadf23e0e98c82b9c243a7275eb79fae4573f74faf19a7b5f23cfc626

Download Submit
memory/448-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/556-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/724-3337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/724-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/868-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/888-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1044-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1076-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1104-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1184-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1228-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1316-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1428-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1568-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1780-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1796-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1836-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1928-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2024-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2080-157-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2132-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2204-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2244-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2268-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2348-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2356-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2376-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2516-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2596-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2624-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2744-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3056-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3172-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3388-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3444-94-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3456-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3480-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3572-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3592-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3596-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3644-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3804-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3812-156-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3824-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4016-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4064-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4112-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4132-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4168-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4224-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4256-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-450-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4292-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4292-2648-0x0000000074900000-0x00000000749DB000-memory.dmp

Filesize
876KB

Download
memory/4324-3338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4324-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4400-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4412-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4416-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4456-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4548-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4552-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4620-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4624-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4636-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4644-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4844-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4864-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4884-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4952-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-3342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4996-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5000-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5052-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5060-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5108-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5140-508-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-509-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5280-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-523-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5316-533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5388-538-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5400-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5416-540-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5444-541-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5476-566-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5584-570-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5612-571-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12108-2896-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13160-2928-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13352-2770-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14368-2729-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14956-3399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15036-2458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads