1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5

Analysis

max time kernel
120s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe
Size

468KB
MD5

baed291bb3267ed3d7926d069eea8930
SHA1

83529e0075c10d7239c70fd4032ccf41eb6a9be5
SHA256

1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5
SHA512

66bd41173782e2169f75fe11a610086ec6f52ce2d4c57bc34182575a0aaeb894a203b9d4544185060aea28ba388cff48c2ddae684b50119849da803446215505
SSDEEP

3072:2DDKowLNjy8U6bYPfzsjYf5/lhAWIpBnmHeAV8CM0PXXVkNOZlu:2DmoILU6kfwjYf/030M0vlkNO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
852	Unicorn-58434.exe
4720	Unicorn-63442.exe
4912	Unicorn-47661.exe
1260	Unicorn-31922.exe
1244	Unicorn-16140.exe
1844	Unicorn-36006.exe
4628	Unicorn-33959.exe
2124	Unicorn-33650.exe
2152	Unicorn-48595.exe
4496	Unicorn-41818.exe
348	Unicorn-7007.exe
5028	Unicorn-11091.exe
4524	Unicorn-56763.exe
1884	Unicorn-49721.exe
4240	Unicorn-43856.exe
2324	Unicorn-34610.exe
4268	Unicorn-49555.exe
220	Unicorn-41216.exe
1536	Unicorn-22934.exe
1516	Unicorn-3068.exe
680	Unicorn-20887.exe
628	Unicorn-27018.exe
636	Unicorn-375.exe
3120	Unicorn-39270.exe
2176	Unicorn-57744.exe
4936	Unicorn-110.exe
3736	Unicorn-46047.exe
3648	Unicorn-54215.exe
2320	Unicorn-8543.exe
3332	Unicorn-41308.exe
3968	Unicorn-3697.exe
968	Unicorn-30116.exe
3060	Unicorn-14334.exe
3472	Unicorn-7557.exe
2140	Unicorn-36238.exe
3680	Unicorn-36338.exe
1576	Unicorn-5974.exe
3136	Unicorn-9503.exe
4172	Unicorn-57142.exe
3516	Unicorn-59280.exe
732	Unicorn-63364.exe
376	Unicorn-3949.exe
1220	Unicorn-55751.exe
1476	Unicorn-46928.exe
4688	Unicorn-20002.exe
4100	Unicorn-2896.exe
624	Unicorn-36530.exe
2880	Unicorn-40614.exe
4124	Unicorn-9887.exe
3252	Unicorn-52866.exe
4476	Unicorn-10427.exe
2908	Unicorn-14246.exe
2204	Unicorn-14511.exe
1588	Unicorn-37624.exe
2032	Unicorn-61309.exe
64	Unicorn-41708.exe
1924	Unicorn-52644.exe
4988	Unicorn-64267.exe
2860	Unicorn-51360.exe
2740	Unicorn-37624.exe
4032	Unicorn-60012.exe
5088	Unicorn-56291.exe
4632	Unicorn-57682.exe
2180	Unicorn-57682.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57085.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15192	dwm.exe
Token: SeChangeNotifyPrivilege	15192	dwm.exe
Token: 33	15192	dwm.exe
Token: SeIncBasePriorityPrivilege	15192	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe
852	Unicorn-58434.exe
4720	Unicorn-63442.exe
4912	Unicorn-47661.exe
1844	Unicorn-36006.exe
1244	Unicorn-16140.exe
1260	Unicorn-31922.exe
4628	Unicorn-33959.exe
2124	Unicorn-33650.exe
2152	Unicorn-48595.exe
4496	Unicorn-41818.exe
348	Unicorn-7007.exe
4240	Unicorn-43856.exe
1884	Unicorn-49721.exe
5028	Unicorn-11091.exe
4524	Unicorn-56763.exe
2324	Unicorn-34610.exe
4268	Unicorn-49555.exe
220	Unicorn-41216.exe
1536	Unicorn-22934.exe
1516	Unicorn-3068.exe
680	Unicorn-20887.exe
628	Unicorn-27018.exe
3648	Unicorn-54215.exe
3332	Unicorn-41308.exe
2320	Unicorn-8543.exe
636	Unicorn-375.exe
3968	Unicorn-3697.exe
3120	Unicorn-39270.exe
4936	Unicorn-110.exe
2176	Unicorn-57744.exe
3736	Unicorn-46047.exe
968	Unicorn-30116.exe
3060	Unicorn-14334.exe
3472	Unicorn-7557.exe
2140	Unicorn-36238.exe
3680	Unicorn-36338.exe
1576	Unicorn-5974.exe
3136	Unicorn-9503.exe
4172	Unicorn-57142.exe
3516	Unicorn-59280.exe
732	Unicorn-63364.exe
376	Unicorn-3949.exe
1220	Unicorn-55751.exe
1476	Unicorn-46928.exe
4688	Unicorn-20002.exe
624	Unicorn-36530.exe
4100	Unicorn-2896.exe
2880	Unicorn-40614.exe
4476	Unicorn-10427.exe
2204	Unicorn-14511.exe
2908	Unicorn-14246.exe
4124	Unicorn-9887.exe
2032	Unicorn-61309.exe
2740	Unicorn-37624.exe
1588	Unicorn-37624.exe
2860	Unicorn-51360.exe
4988	Unicorn-64267.exe
64	Unicorn-41708.exe
3252	Unicorn-52866.exe
1924	Unicorn-52644.exe
4032	Unicorn-60012.exe
5088	Unicorn-56291.exe
4632	Unicorn-57682.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 852	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	82
PID 3828 wrote to memory of 852	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	82
PID 3828 wrote to memory of 852	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	82
PID 852 wrote to memory of 4720	852	Unicorn-58434.exe	83
PID 852 wrote to memory of 4720	852	Unicorn-58434.exe	83
PID 852 wrote to memory of 4720	852	Unicorn-58434.exe	83
PID 3828 wrote to memory of 4912	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	84
PID 3828 wrote to memory of 4912	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	84
PID 3828 wrote to memory of 4912	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	84
PID 4720 wrote to memory of 1260	4720	Unicorn-63442.exe	85
PID 4720 wrote to memory of 1260	4720	Unicorn-63442.exe	85
PID 4720 wrote to memory of 1260	4720	Unicorn-63442.exe	85
PID 852 wrote to memory of 1244	852	Unicorn-58434.exe	86
PID 852 wrote to memory of 1244	852	Unicorn-58434.exe	86
PID 852 wrote to memory of 1244	852	Unicorn-58434.exe	86
PID 4912 wrote to memory of 1844	4912	Unicorn-47661.exe	87
PID 4912 wrote to memory of 1844	4912	Unicorn-47661.exe	87
PID 4912 wrote to memory of 1844	4912	Unicorn-47661.exe	87
PID 3828 wrote to memory of 4628	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	88
PID 3828 wrote to memory of 4628	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	88
PID 3828 wrote to memory of 4628	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	88
PID 1260 wrote to memory of 2124	1260	Unicorn-31922.exe	89
PID 1260 wrote to memory of 2124	1260	Unicorn-31922.exe	89
PID 1260 wrote to memory of 2124	1260	Unicorn-31922.exe	89
PID 4720 wrote to memory of 2152	4720	Unicorn-63442.exe	90
PID 4720 wrote to memory of 2152	4720	Unicorn-63442.exe	90
PID 4720 wrote to memory of 2152	4720	Unicorn-63442.exe	90
PID 1844 wrote to memory of 4496	1844	Unicorn-36006.exe	91
PID 1844 wrote to memory of 4496	1844	Unicorn-36006.exe	91
PID 1844 wrote to memory of 4496	1844	Unicorn-36006.exe	91
PID 4628 wrote to memory of 348	4628	Unicorn-33959.exe	92
PID 4628 wrote to memory of 348	4628	Unicorn-33959.exe	92
PID 4628 wrote to memory of 348	4628	Unicorn-33959.exe	92
PID 4912 wrote to memory of 4524	4912	Unicorn-47661.exe	94
PID 4912 wrote to memory of 4524	4912	Unicorn-47661.exe	94
PID 4912 wrote to memory of 4524	4912	Unicorn-47661.exe	94
PID 1244 wrote to memory of 5028	1244	Unicorn-16140.exe	93
PID 1244 wrote to memory of 5028	1244	Unicorn-16140.exe	93
PID 1244 wrote to memory of 5028	1244	Unicorn-16140.exe	93
PID 3828 wrote to memory of 1884	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	95
PID 3828 wrote to memory of 1884	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	95
PID 3828 wrote to memory of 1884	3828	1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe	95
PID 852 wrote to memory of 4240	852	Unicorn-58434.exe	96
PID 852 wrote to memory of 4240	852	Unicorn-58434.exe	96
PID 852 wrote to memory of 4240	852	Unicorn-58434.exe	96
PID 2124 wrote to memory of 2324	2124	Unicorn-33650.exe	97
PID 2124 wrote to memory of 2324	2124	Unicorn-33650.exe	97
PID 2124 wrote to memory of 2324	2124	Unicorn-33650.exe	97
PID 1260 wrote to memory of 4268	1260	Unicorn-31922.exe	98
PID 1260 wrote to memory of 4268	1260	Unicorn-31922.exe	98
PID 1260 wrote to memory of 4268	1260	Unicorn-31922.exe	98
PID 4496 wrote to memory of 220	4496	Unicorn-41818.exe	99
PID 4496 wrote to memory of 220	4496	Unicorn-41818.exe	99
PID 4496 wrote to memory of 220	4496	Unicorn-41818.exe	99
PID 2152 wrote to memory of 1536	2152	Unicorn-48595.exe	101
PID 2152 wrote to memory of 1536	2152	Unicorn-48595.exe	101
PID 2152 wrote to memory of 1536	2152	Unicorn-48595.exe	101
PID 1844 wrote to memory of 1516	1844	Unicorn-36006.exe	100
PID 1844 wrote to memory of 1516	1844	Unicorn-36006.exe	100
PID 1844 wrote to memory of 1516	1844	Unicorn-36006.exe	100
PID 4720 wrote to memory of 680	4720	Unicorn-63442.exe	102
PID 4720 wrote to memory of 680	4720	Unicorn-63442.exe	102
PID 4720 wrote to memory of 680	4720	Unicorn-63442.exe	102
PID 4240 wrote to memory of 628	4240	Unicorn-43856.exe	103

C:\Users\Admin\AppData\Local\Temp\1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe
"C:\Users\Admin\AppData\Local\Temp\1989cb3df8bd4c4a73f8ea8e418de93fc436884cfda36875c114da758944dfa5N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        10⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        10⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        10⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        9⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
        10⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        10⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        9⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
        8⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        8⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11129.exe
        8⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        10⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        11⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        9⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        9⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        8⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        8⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        8⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        7⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        7⤵
        Executes dropped EXE
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        9⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        10⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23443.exe
        10⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        9⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        9⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        8⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        8⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        8⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        8⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        9⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        7⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        8⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
        6⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        9⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        8⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        7⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        7⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        8⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        7⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        7⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        7⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        8⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        9⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        10⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        8⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        8⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        8⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        8⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        7⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        6⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        9⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
        8⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        9⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60079.exe
        8⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        7⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        7⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        6⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        8⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        8⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        6⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        6⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        8⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        9⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        8⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        8⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        7⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
        7⤵
        
        PID:16440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        8⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        8⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
        6⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        7⤵
        
        PID:16064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        6⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        7⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        6⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        5⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        6⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        5⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        5⤵
        
        PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        7⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        9⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        9⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        9⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        8⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        9⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        8⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        8⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        7⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        6⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        8⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        9⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20080.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        7⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        6⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
        6⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        7⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        8⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
        8⤵
        
        PID:17668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        7⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        7⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        8⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17822.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        6⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11543.exe
        8⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        8⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        7⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        7⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        6⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        5⤵
        
        PID:13692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        7⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        6⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        7⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        8⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        7⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        7⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        6⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
        5⤵
        
        PID:16088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        5⤵
        
        PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        6⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        6⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
      4⤵
      PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
      4⤵
      PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
      4⤵
      PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        9⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        10⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        10⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        9⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        10⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        8⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        8⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        8⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26462.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        7⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        6⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5438.exe
        7⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        8⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        7⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        6⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
        6⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        7⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        7⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        6⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        5⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        5⤵
        
        PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
        8⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        8⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        7⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21417.exe
        7⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        7⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        6⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        5⤵
        
        PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        7⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        7⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        6⤵
        
        PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
        6⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3529.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49208.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28880.exe
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        6⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        5⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        6⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        5⤵
        
        PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33515.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25828.exe
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
      4⤵
      PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
        6⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27122.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        9⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        8⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2742.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        7⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47686.exe
        7⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        8⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
        7⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54729.exe
        5⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        8⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        7⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        7⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        6⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        6⤵
        
        PID:17396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        5⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
        6⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
        5⤵
        
        PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
      4⤵
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        6⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        7⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
        5⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        6⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        5⤵
        
        PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        6⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        5⤵
        
        PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
      4⤵
      PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        5⤵
        
        PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
      4⤵
      PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
        7⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        7⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        6⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        6⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        6⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        6⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        5⤵
        
        PID:16172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        5⤵
        
        PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12518.exe
      4⤵
      PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
      4⤵
      PID:15788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        6⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        5⤵
        
        PID:15452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
      4⤵
      PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        5⤵
        
        PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
      4⤵
      PID:8564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
    3⤵
    PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
      4⤵
      PID:14512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
      4⤵
      PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        9⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        10⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        10⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39596.exe
        9⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
        8⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        8⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        9⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        8⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        7⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        6⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        8⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        7⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        7⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
        6⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        6⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33152.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        8⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        8⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
        8⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
        7⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        7⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        6⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        7⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
        6⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
        5⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        7⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        8⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        6⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        6⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        8⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
        9⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        9⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        8⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        7⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        8⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        7⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        8⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
        5⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
        7⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        6⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8637.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        7⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        6⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        7⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        6⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1273.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33541.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        5⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        5⤵
        
        PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
      4⤵
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        6⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        7⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        6⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        5⤵
        
        PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
      4⤵
      PID:14704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
      4⤵
      PID:7148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44397.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        8⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        7⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        6⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        7⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        7⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        6⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        6⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        5⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        5⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        5⤵
        
        PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        5⤵
        
        PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        6⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        5⤵
        
        PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
      4⤵
      PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
      4⤵
      PID:15220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
      4⤵
      PID:6988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34692.exe
      4⤵
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        5⤵
        
        PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        5⤵
        
        PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
      4⤵
      PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
      4⤵
      PID:15476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        5⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27854.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        6⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
        5⤵
        
        PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
      4⤵
      PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4994.exe
        5⤵
        
        PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
      4⤵
      PID:12672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
      4⤵
      PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
      4⤵
      PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
      4⤵
      PID:17084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
    3⤵
    PID:12548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33299.exe
    3⤵
    PID:4640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        7⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        7⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        6⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        7⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        7⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        5⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61628.exe
        5⤵
        
        PID:16116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        5⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        6⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        7⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        6⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
        5⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        5⤵
        
        PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        5⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        5⤵
        
        PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
      4⤵
      PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
      4⤵
      PID:13912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
      4⤵
      PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        5⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        8⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        8⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        7⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        7⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        6⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
        7⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        6⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        5⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        5⤵
        
        PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        6⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        5⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        6⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        5⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21222.exe
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        6⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        5⤵
        
        PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
      4⤵
      PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54830.exe
      4⤵
      PID:6856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        6⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        5⤵
        
        PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        5⤵
        
        PID:15228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
      4⤵
      PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35996.exe
        5⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        5⤵
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
      4⤵
      PID:6604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
    3⤵
    PID:884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        6⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        5⤵
        
        PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
      4⤵
      PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        5⤵
        
        PID:13540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
      4⤵
      PID:16008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
    3⤵
    PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
      4⤵
      PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        5⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        6⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        5⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
        5⤵
        
        PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
      4⤵
      PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
      4⤵
      PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
    3⤵
    PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
      4⤵
      PID:6992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
    3⤵
    PID:13780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
    3⤵
    PID:7868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
      4⤵
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        6⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33541.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        5⤵
        
        PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        5⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        5⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
      4⤵
      PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
      4⤵
      PID:16308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49270.exe
        5⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62346.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        5⤵
        
        PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        5⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        5⤵
        
        PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
      4⤵
      PID:10912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
      4⤵
      PID:440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28391.exe
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
      4⤵
      PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4994.exe
        5⤵
        
        PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
      4⤵
      PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
      4⤵
      PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
    3⤵
    PID:9688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
    3⤵
    PID:13056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
    3⤵
    PID:2392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        7⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        6⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        5⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        6⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        5⤵
        
        PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        6⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26166.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        5⤵
        
        PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
      4⤵
      PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
      4⤵
      PID:8096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
    3⤵
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
      4⤵
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        6⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51491.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
      4⤵
      PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
      4⤵
      PID:13924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
    3⤵
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
      4⤵
      PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24071.exe
      4⤵
      PID:17296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63281.exe
    3⤵
    PID:10616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
    3⤵
    PID:8860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
    3⤵
    PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        5⤵
        
        PID:15980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
      4⤵
      PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
    3⤵
    PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
      4⤵
      PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
    3⤵
    PID:13804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
    3⤵
    PID:6848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
    3⤵
    PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
      4⤵
      PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
      4⤵
      PID:17688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
    3⤵
    PID:10548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
    3⤵
    PID:5904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
  2⤵
  PID:8992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
  2⤵
  PID:12456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
  2⤵
  PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 8076 -ip 8076
1⤵
PID:15052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 10200 -ip 10200
1⤵
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 9476 -ip 9476
1⤵
PID:13596

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-110.exe

Filesize
468KB

MD5
ea011c9a649b3855016b46e22b4d708e

SHA1
8f9da1cab535aa05caaf6c9f10bb7b80c1e1916f

SHA256
f31852452ba1dac296f615050297d1bcf96b5bf394aa1a75f16cfbd7b497eb27

SHA512
88c29bbc2699f57af000f3bef02050635178979f9fbfadd76d1c8fe4ced4db2994a58bdfb1353248383b18d9fae9a60540a079e0b54c7ae1d471035586908d11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe

Filesize
468KB

MD5
55eee17aa291822a8fc5bafd29cc3c27

SHA1
8d7103760bb4e7b186df8c8e618280ac2cdb2608

SHA256
ab6db1bf5d2425dceead584f5df1fd75292b28cd2e381e918d6b8feb9d70ffd0

SHA512
9b3e884de61696e1e0995e2d91eaa735379d2866d8ac1dfea06515a9b3fa0db0cddd7ab4e4b604dbd379b334bb37f3eb5f440403bd8abfaa706e26fe9f8b44e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe

Filesize
468KB

MD5
fbbed60bffdbb7b56fcadbb6cfdfc568

SHA1
af1bff08d195663100007c1de3db33b0b63c037a

SHA256
ba429641241aa2a22eba77a6a50b537052b8f74c4d5a458de0254e963795ea48

SHA512
d1de05e75d4096db3891fc37ea6c8effa3056aad1d99c4b21824fca0466a5d294961daaa2c5fb1f7764779261cae7fee769c4eb35cb619e78c5baae5d852cf0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe

Filesize
468KB

MD5
2e1a508ed5f10c68995429b44b059e15

SHA1
ac6cb9d1cc7ceef1ccdfec60ea9cbbd2c59d50c7

SHA256
4ca55b4ae47ba7c88b21f40e83557eec830518007225c5404427873ff9fae7c9

SHA512
eb117131ec9095e6362dc07e01d7b796ce17f53702400e2770f09159bb82219d6ebecd8cf3380acb68588f4960f947a5275b9d39999610300d370cd6f39069c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe

Filesize
468KB

MD5
f67cf33ac32a4d69d9fd13c6fd93f51f

SHA1
b5849454b5013d3b00d91bf39ba0c2bcfc941a0c

SHA256
0d772fb7a9fae38f6477b7b19daf4dc66fb18b1b2d0cd865da0f73c9385a67e1

SHA512
8adae37ed090f043f59327b2b509e8bda91376c93cd47217ecfed594245279e9bbea5b1cb67941601344fb7d575fe92e0aafb6176aa705dc24fcad5d55b82dc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe

Filesize
468KB

MD5
47c77d268312a90630586df7b46c635a

SHA1
e4d26e7f452d795fa751b072ad690205a4ed20c8

SHA256
1f00c7a21706ee569456907a7a0befe8ae2768f8333e88f84806e3ae46492f70

SHA512
d05a1c8ff3182df4b39389350bbbcc5937512a7be7b39e6acfa223b9a01796fee02cc1caff175b23f82311edfef38e655f0dfdf34df2b211e076302f18ec31b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe

Filesize
468KB

MD5
0fc0aeb2a57469ab8e9c36dfb91de508

SHA1
db4b8eb6ab21910962a516234acbb3006950a2b7

SHA256
02b41f54b87de3267e2d6ad5a70372302b8847932a5fe5a08c50f8adf21e8429

SHA512
9ac673ce6e0413797737b167d8d9ee1cfd67cad26c80879576e0677338ea4ca4bb830d564ad3c9cdb2cf877e706be33fcb943e9cf6cdcf71ef1255427522a0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe

Filesize
468KB

MD5
4bab28e4dab24c2ead5fb5a13e887047

SHA1
98deca763a27b895edf1f1548f37e6f3e88ab575

SHA256
9bc107a51d1a1816d1a75af2f20e4d5023e0e2a24894aa68ce3aedbd8f8ccedc

SHA512
ada9838c124425ecd0e8d733ef33a0d0d31ad943068d6db449d2168d9b8fdb129eb5a00d29085855c9bf05c7d0566e13d0ec3a88c15cf29f0f7dd7a5660582f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe

Filesize
468KB

MD5
5f93b05acb0cbdbc069a65e72068135d

SHA1
bc3415cce3a176ef4eaae4ec28bcaadd9cc461df

SHA256
0d87492f89256b1597ad9d1fa05ca34cf24ddcc811eed7498027d6d06b007327

SHA512
d5c295cb51f8f8c8dda4a7f5c0c8f60db30a05f03b6835a1387aa5753aa5ead68133254127eb8dc0146cb71c148545090decd68952a3292150e596089a6fc943

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe

Filesize
468KB

MD5
22272b1c22d505b7cc2d3a77d7fabba8

SHA1
b4d1570e42a12c08d8a4abba561cefc45efcc6a7

SHA256
c783a0ed9febd625cce91f866a2e801580ffe4e68dda93b3707bcd4fba19aa9e

SHA512
91c6abb9f27a2b389ac004a20f642be430bb31416dcad8893ef6e82a83b055497f7824f94f9a618ca10a40fe6687982a57a05255cf83a2ca4e69f92260bf5931

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe

Filesize
468KB

MD5
1f84748a29d5bda969f40759a6b14367

SHA1
678c823836f56537cf53f7c2eb8dd3bb6242f3e9

SHA256
26b5686afd91596d8aa36095164c35aebcc05e1317cf4982224651c689d51f34

SHA512
4211f89b5b26930fc766e161339795cdf25499c6c20d7f598c749d26a29be2926115f962b12ad0a5cad8ffa3d9b1bc818642d68e51d969b5cffd18b16bd4a643

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe

Filesize
468KB

MD5
89f86c4192b3134a1e41a003ee1ffe94

SHA1
ef4ea22845a2cb0d671dbb93d6e74e58327ddec2

SHA256
8059a8c23dc436a164550b67bd896793df4b82fd4bca65e2717946031253a925

SHA512
8bc79bd7fdc379077ef19cb6592280659f4414140f10db33a2b884d61dfcbe8e57b4d5974044bfcd65e356c5ac6e55a2d434e43705fd111f1effed997dd7635e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe

Filesize
468KB

MD5
fb791aa36aba9c3827781f9b6c5f80c2

SHA1
2d6f764d8ae26a2ccd16fa78e6b16f4cd8cebc2f

SHA256
edae2f418f07fe6e9971e776a1b356d33e29c586782131189c698b3a684e6867

SHA512
83a02c493bb815a9042d862d131051cdc97a80f20659a5cb06b552a5212a77f01ca3d52e7556378f071e47bea6024a2055dd17666682e96915c1e2eaf3f90987

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe

Filesize
468KB

MD5
795dc3e64e3cdf8897dbc073e237fe1c

SHA1
162b5b27864ac7867551a6fb136267465c50a563

SHA256
0cb64542cb17c0ffcfd8b754615290cd06991014af53b45211437be72229150d

SHA512
f6a49dce12bfd28743e83bfec7336fd10ad76312fb39fb93dac6b84b1e558e070242af64854d3885f229ddb0683f5e66f48b1040379ab03b6055f67a2fa74642

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe

Filesize
468KB

MD5
61c1e8764c3174beb5b5d0b8359bc67e

SHA1
311def9555a8fe4a63f7e5646a1e3f39794b24b9

SHA256
a50c820a7e01016777c41e16f26711d427ea4ad9cd4f78bdaf21efabb2d48fb0

SHA512
8c215dacc8711b063038ed33bd530dd1017909aa0d51ab1daf8f61887109c9e26e921041c3da7c3d53d2cb6abbc036717a6a5db6ba65d5ba267622ea2da6f469

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe

Filesize
468KB

MD5
be7a2398881017f274c80f98e64c78e4

SHA1
fb77501b213bec2984c74330bbb2cdc006acc91e

SHA256
d5cd1c43187e3ff921365688d6a947caa3addcdffb3f6e166df6cb130316bb02

SHA512
3e9090141ac65f0dcff78a76edd145305147dd645df37510ae77303e7272850f3192f6a407cb36b5b5e83b82d771960c3c1889cd1666275eae62a759d79f8f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe

Filesize
468KB

MD5
8a91ceaf12b2641740dfcd918e68b578

SHA1
cec9b1c140c9a6e4e335c2db757070eeff73de1a

SHA256
92bd3b328ff2a01acfe84824c1ea2c289a1f3cd4ed2e393a4a4d7d7fa76ea181

SHA512
2584f04deb53fff8c7ca3915cce3f8f610d4b25e105f1da88248157d5f18cf8ca892910ffd98105c16dec89c3e8cceec246bef274727a3ff04a83cd662e05836

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe

Filesize
468KB

MD5
4eac42d9a7bb9488b6ca962c26098b2c

SHA1
feb6fb22f199a055cba8d58b805be37b815562fb

SHA256
e9007bc0b1167f4a4989d113b1b86e2ae5fcb92d90fb6cbf3242fbc98cd29e42

SHA512
01c922e29de2a091a550d806fd121766b483885385bf08540fba1e53e89ffdb1dacd30be167d13fb91b4e7832e1c2d760b78640634dfd3c7ab548f4bdf30caf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe

Filesize
468KB

MD5
315f436fa0be901ff9aba21be6f38529

SHA1
bb837ca9a42eade2dc464ef0c2b16d6f744845fb

SHA256
5bf5bb3d793aebf24448644c86eb39956f5921ca005d834785b033378ab04a8f

SHA512
032511004a6069a100603e1402e29ea8c9fce808566c64e6effcc69f2dd8b1f851c0be9a71f149c0771907e0637ebcd0bd4aa15c33856bbf753e0624a50748b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe

Filesize
468KB

MD5
3060cd4b9e6949f1a0d9fdbb2fee29c4

SHA1
8393eed87b8b433de5f67e89c902eb326a61302e

SHA256
8d9bd556e1cc13154157fab73d13a666b3cab909248b49268b4646b40808547f

SHA512
d8abe941ef703ae1a96ccfa5757bbc5f3f1fbc97d7292fa11eadbf99eb3ffc4bda5a05083bc4841411c57981681e7d14b5dcdf9223327edab65917c053d068b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe

Filesize
468KB

MD5
c831b2e0c9fc2fcd39d9f256314278d4

SHA1
bab50fd3d0b7b6521fd4bdce390110a516fa80fa

SHA256
728f4bb135c89a7aafd03bcaa569857cddfc97d2bd6981336a4c2cc35cd680a0

SHA512
ec9f520a1913cf5635f4f68749857644953c210c738e644fc906275e2f5fa851275bb43c1fcbd7f216e4894ac43c2777aa6f7a657bf19fc777e3216ffe5f629f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe

Filesize
468KB

MD5
a2256d3e0cd6064679b4dd52becb3e90

SHA1
e8b83150ed1636b224e937f7daf143218eed4299

SHA256
c44cc7ab1f635fed582a70f6b95126e3424ed5eace9d5bc8fbd7b9bfaf52515a

SHA512
ae60e2022fda0d16061d40721cbff2a4b0623a9df405d5190f4d35b94ae4bc75c6f77c9ea52e889dcdc7d7af2e4dde95dc36a35a2ab25a7bf3ccdaf3326f35f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe

Filesize
468KB

MD5
df0c459e368e1354b02583cfa11cd5d9

SHA1
5b3c71fb06dbcda95794ad875449cea2cd0388cd

SHA256
b6e40a7deb9d6542f88e5ee6562cc49daac6e8e29e9787446c550e0a5760dfd5

SHA512
f43c7e07f749ccf0b187b4b478e8fbdd7f8dd670d4b6e05a4ea3cadd3fe3bc14a007791a483c5ca0fafbc2dd7a9638c359a3f5081a606712717705de3c36ae5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe

Filesize
468KB

MD5
3b72aff3802f377eff0ebc7d86745744

SHA1
144bf2c6dc92a2436ca0ed6a79458c6e9b57cb1b

SHA256
1ea2b0c70e2d67a7c795e47f4fcac3200c8f67022db085d9810ee0e6ff3f3d32

SHA512
050e46adcfe168706bfdd14e78556e7359559fb8a3754c292f360f0abe21fd94ab930c3569a9d65d44c71edf872361cec1fe89723308bcd3e0f8910671b8a23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49555.exe

Filesize
468KB

MD5
8f05e1f78e0399d6126458895327dbb8

SHA1
994e3c6ce1a9964ce6e8d4fdac4cf6ab134ce941

SHA256
d7d78fe20002ab020a0db80614fb0431a743f4e30eb36371c2ee537d0fae1069

SHA512
9461d4c49a0a237dd905d3c015cdecbb7e61840d3c3b5001d24c07112576e3b2c712b8bb9cbe5ea9fa7e9723ce0bf713f635413a9456d79fa8351329ff716168

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe

Filesize
468KB

MD5
232eb60b263259b507a98409ab39b690

SHA1
8a79a500a060e4b42ea573c53f13d64217298beb

SHA256
d602539c784d5b68b0de66db85794e343093a68676e234b4908368765f717743

SHA512
33f95c3c098f2c9e07b4219465aef3c504bb834745ec5b3f1d650a4ed3b6a79901c819f4e4f7b1d7c3a755337a956a8746814c4ab03e5c3fd5eb00d24ff88ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe

Filesize
468KB

MD5
bb178fb0fdce73d22460f8a96908f233

SHA1
45a9d5fdcdb7b994fb4c3ef40d2ca1114d439447

SHA256
629f83101e161900d41d587d213acf3a1421b543411aa71db62d04873b2b5c27

SHA512
4420362709ef78d774e98a83c4dd354740d5fc932eb2c9cf151b75bc8c2ec9122fd04f5423ccd6102844a2b821be7ff87506dba39e7b69f876b028fc5b590568

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe

Filesize
468KB

MD5
5c3bd2b0f2654d63df89330aa5123af0

SHA1
435edf67d4b13bd76745bcbd434e6d1715f13d56

SHA256
8d95c62955fd17e9704ce5308136ee89a601db1f3c2424a7fe785ce2a2e0ad3f

SHA512
1e16fd1d22c647997b73e4ba80875ebc5220fed02cd4f06c8c5631262673ba12673f943c49d4ed80ccd4e20c279c93da4f96b5847b708bf7aae1f92405e2ab49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe

Filesize
468KB

MD5
fe23af7e150bcf52f846fa6ae9969c8a

SHA1
ffd99f62710f53a5a60e19ec1a90a8edec7188f5

SHA256
48c07d16f69344dd2b3dde8d86d5d38d210a00e34d15904b4d97831e013a9fbd

SHA512
f4e3832f27c9f85a6de987b17477dad9f683b80d0681afcb6cab8d5e8141bb3a2baa8bfbb8f8b8b9fc931d33dd089e92bbefd2c9f928c743977da25bb5aea94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe

Filesize
468KB

MD5
846a66d72888e73979dcbdb08d033b33

SHA1
e035863c2efc8f124aeeef9afe9a7b5ce06258e5

SHA256
f097b1ebda128cb2b805a52e25717ccafe13bbcce1e006b778b373c0646e4938

SHA512
9c87fb5cda0734839b5cffe1316b2717ab2f85487aae212289939993bcdac0153c8265868e3018d9bae057783be8b3b4f371da5385d13bb0e48bac591c433abb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe

Filesize
468KB

MD5
c1aca90ee2ce36d843fdaa6337c57a3b

SHA1
50fef3cb0aae47bd1a9ccef96b8a0858560dcfec

SHA256
736404d6a1b899ad7172fa0e3c018d6d2e67657e6a01530bbf55247d9c186df1

SHA512
940c6af2a2667c91d2fa50b63156187d03b10b5e0e7d517783596ebc250fdbe12ba3ed197ee578e04843db80801cbe14af7451032679c57890633bcca3b460e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe

Filesize
468KB

MD5
85ebf14bfea5921b59a7ea1549a550b8

SHA1
12288c99c1df97b8938684623e6f84a10f1effb6

SHA256
f6aca16ff2c00496737a10f797cdeb3ae8e00c6ae2938a39ce6f81ef36171ef3

SHA512
5db034f7af330a61ac4a52999d5e578dd7970956b77514efc982d27b06c3b17b57bb33ee8c890b10e0d2563f203b86d5e98c9212bc42038afc7442f59647cc98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe

Filesize
468KB

MD5
8aac3012422135fc1cbe9b732c571688

SHA1
499ad5f43f94a24aebadad08819f8c4eb6f0589c

SHA256
7cf043d3eaaf6613cf1ca2011316f14efd9cb03f5d39cb8ba4363119789ad0e4

SHA512
fab698ead8e4ed9457659b7d819aa43bffe8dc2ac5a98c1eaee1c12d3d489de48df6d52c5bb364c5c5dd828ff59d9d6a3c1e151a2347bebf81603fb26992bf59

Download Submit
memory/64-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/220-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/348-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/376-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/468-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/624-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/636-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/680-156-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/732-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/800-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/852-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/884-462-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1048-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-455-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1220-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1244-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1260-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1288-478-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1436-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1476-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1516-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1536-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1568-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1576-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1588-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1592-564-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1844-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1884-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1924-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-524-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2032-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2124-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2140-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-565-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2176-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2204-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2320-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2324-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2616-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2716-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2740-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2860-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2996-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3060-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3120-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3136-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3156-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3200-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3252-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3332-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3396-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3472-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3516-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3648-218-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3660-485-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3680-243-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3736-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3828-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3968-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3984-523-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4024-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4032-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4100-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4124-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4172-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4224-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4240-99-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4268-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4268-2583-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4364-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4392-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-410-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4496-67-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4524-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4532-572-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4628-49-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4632-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4652-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4688-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4720-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4816-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4912-22-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4936-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4948-644-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4988-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5028-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5136-645-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5172-646-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14020-2582-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14492-2341-0x0000000077270000-0x000000007727A000-memory.dmp

Filesize
40KB

Download
memory/15256-2301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15268-2283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads