3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6f

Analysis

max time kernel
119s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe
Size

468KB
MD5

7d80edcf394163a8173ce07e940ed690
SHA1

5d908d813c6dcd0e1b2e9d8a737263960f401464
SHA256

3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6f
SHA512

05e1598bcedc80f7c854cde49767dfa552cb48c74459c10baf1caeacbef9d97d51c83cc14af924e1c8c759aab6db44d52a15868297ad29cccb0f18d8101d691c
SSDEEP

3072:tqmhogKxjs8I/bYrPz3Cmf8/BGhc7IpldmHBzVpBqL536jElpal3:tqIothI/APDCmfy0W9qLBUElp

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1624	Unicorn-19514.exe
2396	Unicorn-39498.exe
4048	Unicorn-44137.exe
4620	Unicorn-34314.exe
2052	Unicorn-13379.exe
5104	Unicorn-33245.exe
4700	Unicorn-60856.exe
408	Unicorn-1060.exe
3396	Unicorn-14168.exe
624	Unicorn-25674.exe
4428	Unicorn-33842.exe
2788	Unicorn-27711.exe
2116	Unicorn-49913.exe
2080	Unicorn-54817.exe
3776	Unicorn-63665.exe
2680	Unicorn-29042.exe
4272	Unicorn-50017.exe
1288	Unicorn-19613.exe
2872	Unicorn-43852.exe
1304	Unicorn-44117.exe
1884	Unicorn-4153.exe
4788	Unicorn-37027.exe
3460	Unicorn-62600.exe
3364	Unicorn-19530.exe
3680	Unicorn-43541.exe
1648	Unicorn-43541.exe
1008	Unicorn-23675.exe
452	Unicorn-23675.exe
2704	Unicorn-12026.exe
1048	Unicorn-35394.exe
3660	Unicorn-4567.exe
2812	Unicorn-15419.exe
2776	Unicorn-14153.exe
2848	Unicorn-32911.exe
372	Unicorn-37890.exe
1540	Unicorn-46058.exe
3616	Unicorn-62705.exe
3520	Unicorn-13769.exe
2084	Unicorn-2072.exe
1260	Unicorn-42912.exe
2244	Unicorn-15882.exe
936	Unicorn-40386.exe
552	Unicorn-40386.exe
4704	Unicorn-61361.exe
1176	Unicorn-64433.exe
1640	Unicorn-44833.exe
4524	Unicorn-48746.exe
3196	Unicorn-39509.exe
2988	Unicorn-15113.exe
3204	Unicorn-39618.exe
4512	Unicorn-38549.exe
2296	Unicorn-64122.exe
4308	Unicorn-8791.exe
3516	Unicorn-29426.exe
4144	Unicorn-32226.exe
4304	Unicorn-18491.exe
3540	Unicorn-12891.exe
400	Unicorn-18683.exe
2680	Unicorn-4252.exe
3332	Unicorn-49924.exe
1988	Unicorn-3987.exe
2492	Unicorn-3484.exe
2260	Unicorn-21858.exe
4628	Unicorn-15217.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4384	2680	WerFault.exe	104

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25943.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	14428	dwm.exe
Token: SeChangeNotifyPrivilege	14428	dwm.exe
Token: 33	14428	dwm.exe
Token: SeIncBasePriorityPrivilege	14428	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe
1624	Unicorn-19514.exe
2396	Unicorn-39498.exe
4048	Unicorn-44137.exe
2052	Unicorn-13379.exe
4620	Unicorn-34314.exe
5104	Unicorn-33245.exe
4700	Unicorn-60856.exe
408	Unicorn-1060.exe
3396	Unicorn-14168.exe
2788	Unicorn-27711.exe
624	Unicorn-25674.exe
2080	Unicorn-54817.exe
2116	Unicorn-49913.exe
4428	Unicorn-33842.exe
3776	Unicorn-63665.exe
2680	Unicorn-29042.exe
4272	Unicorn-50017.exe
1304	Unicorn-44117.exe
4788	Unicorn-37027.exe
1884	Unicorn-4153.exe
1288	Unicorn-19613.exe
2872	Unicorn-43852.exe
3460	Unicorn-62600.exe
3364	Unicorn-19530.exe
1008	Unicorn-23675.exe
2704	Unicorn-12026.exe
3680	Unicorn-43541.exe
452	Unicorn-23675.exe
1648	Unicorn-43541.exe
1048	Unicorn-35394.exe
3660	Unicorn-4567.exe
2812	Unicorn-15419.exe
2776	Unicorn-14153.exe
2848	Unicorn-32911.exe
372	Unicorn-37890.exe
1540	Unicorn-46058.exe
3616	Unicorn-62705.exe
3520	Unicorn-13769.exe
2084	Unicorn-2072.exe
1260	Unicorn-42912.exe
552	Unicorn-40386.exe
2244	Unicorn-15882.exe
936	Unicorn-40386.exe
4704	Unicorn-61361.exe
1176	Unicorn-64433.exe
1640	Unicorn-44833.exe
4524	Unicorn-48746.exe
3196	Unicorn-39509.exe
4512	Unicorn-38549.exe
4308	Unicorn-8791.exe
3516	Unicorn-29426.exe
2988	Unicorn-15113.exe
2296	Unicorn-64122.exe
400	Unicorn-18683.exe
4304	Unicorn-18491.exe
3204	Unicorn-39618.exe
3540	Unicorn-12891.exe
4144	Unicorn-32226.exe
2680	Unicorn-4252.exe
1988	Unicorn-3987.exe
3332	Unicorn-49924.exe
2492	Unicorn-3484.exe
2876	Unicorn-11688.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 1624	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	82
PID 3880 wrote to memory of 1624	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	82
PID 3880 wrote to memory of 1624	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	82
PID 1624 wrote to memory of 2396	1624	Unicorn-19514.exe	83
PID 1624 wrote to memory of 2396	1624	Unicorn-19514.exe	83
PID 1624 wrote to memory of 2396	1624	Unicorn-19514.exe	83
PID 3880 wrote to memory of 4048	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	84
PID 3880 wrote to memory of 4048	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	84
PID 3880 wrote to memory of 4048	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	84
PID 2396 wrote to memory of 4620	2396	Unicorn-39498.exe	89
PID 2396 wrote to memory of 4620	2396	Unicorn-39498.exe	89
PID 2396 wrote to memory of 4620	2396	Unicorn-39498.exe	89
PID 1624 wrote to memory of 2052	1624	Unicorn-19514.exe	90
PID 1624 wrote to memory of 2052	1624	Unicorn-19514.exe	90
PID 1624 wrote to memory of 2052	1624	Unicorn-19514.exe	90
PID 4048 wrote to memory of 5104	4048	Unicorn-44137.exe	91
PID 4048 wrote to memory of 5104	4048	Unicorn-44137.exe	91
PID 4048 wrote to memory of 5104	4048	Unicorn-44137.exe	91
PID 3880 wrote to memory of 4700	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	92
PID 3880 wrote to memory of 4700	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	92
PID 3880 wrote to memory of 4700	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	92
PID 4620 wrote to memory of 408	4620	Unicorn-34314.exe	94
PID 4620 wrote to memory of 408	4620	Unicorn-34314.exe	94
PID 4620 wrote to memory of 408	4620	Unicorn-34314.exe	94
PID 2396 wrote to memory of 3396	2396	Unicorn-39498.exe	95
PID 2396 wrote to memory of 3396	2396	Unicorn-39498.exe	95
PID 2396 wrote to memory of 3396	2396	Unicorn-39498.exe	95
PID 2052 wrote to memory of 624	2052	Unicorn-13379.exe	96
PID 2052 wrote to memory of 624	2052	Unicorn-13379.exe	96
PID 2052 wrote to memory of 624	2052	Unicorn-13379.exe	96
PID 1624 wrote to memory of 2788	1624	Unicorn-19514.exe	98
PID 5104 wrote to memory of 4428	5104	Unicorn-33245.exe	97
PID 1624 wrote to memory of 2788	1624	Unicorn-19514.exe	98
PID 1624 wrote to memory of 2788	1624	Unicorn-19514.exe	98
PID 5104 wrote to memory of 4428	5104	Unicorn-33245.exe	97
PID 5104 wrote to memory of 4428	5104	Unicorn-33245.exe	97
PID 3880 wrote to memory of 2116	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	99
PID 3880 wrote to memory of 2116	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	99
PID 3880 wrote to memory of 2116	3880	3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe	99
PID 4048 wrote to memory of 2080	4048	Unicorn-44137.exe	100
PID 4048 wrote to memory of 2080	4048	Unicorn-44137.exe	100
PID 4048 wrote to memory of 2080	4048	Unicorn-44137.exe	100
PID 4700 wrote to memory of 3776	4700	Unicorn-60856.exe	103
PID 4700 wrote to memory of 3776	4700	Unicorn-60856.exe	103
PID 4700 wrote to memory of 3776	4700	Unicorn-60856.exe	103
PID 408 wrote to memory of 2680	408	Unicorn-1060.exe	104
PID 408 wrote to memory of 2680	408	Unicorn-1060.exe	104
PID 408 wrote to memory of 2680	408	Unicorn-1060.exe	104
PID 4620 wrote to memory of 4272	4620	Unicorn-34314.exe	105
PID 4620 wrote to memory of 4272	4620	Unicorn-34314.exe	105
PID 4620 wrote to memory of 4272	4620	Unicorn-34314.exe	105
PID 2080 wrote to memory of 1304	2080	Unicorn-54817.exe	108
PID 2080 wrote to memory of 1304	2080	Unicorn-54817.exe	108
PID 2080 wrote to memory of 1304	2080	Unicorn-54817.exe	108
PID 2788 wrote to memory of 1288	2788	Unicorn-27711.exe	106
PID 2788 wrote to memory of 1288	2788	Unicorn-27711.exe	106
PID 2788 wrote to memory of 1288	2788	Unicorn-27711.exe	106
PID 1624 wrote to memory of 2872	1624	Unicorn-19514.exe	107
PID 1624 wrote to memory of 2872	1624	Unicorn-19514.exe	107
PID 1624 wrote to memory of 2872	1624	Unicorn-19514.exe	107
PID 3396 wrote to memory of 1884	3396	Unicorn-14168.exe	109
PID 3396 wrote to memory of 1884	3396	Unicorn-14168.exe	109
PID 3396 wrote to memory of 1884	3396	Unicorn-14168.exe	109
PID 2396 wrote to memory of 4788	2396	Unicorn-39498.exe	110

C:\Users\Admin\AppData\Local\Temp\3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe
"C:\Users\Admin\AppData\Local\Temp\3d5ff17f21cad8e5ecb94a1532aafe72be2714cc5b5f302f48dbf5adb8efed6fN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 724
        7⤵
        Program crash
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        9⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        10⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        10⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        9⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        9⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
        8⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        8⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        8⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        8⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        7⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
        6⤵
        Executes dropped EXE
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
        9⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58620.exe
        9⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        9⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35507.exe
        8⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        8⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35243.exe
        8⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        7⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65300.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
        7⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
        6⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        6⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        7⤵
        Executes dropped EXE
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        9⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        9⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        9⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        8⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21226.exe
        9⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        9⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        9⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        8⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        7⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        7⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        9⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        8⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        8⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        7⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        7⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        7⤵
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9408.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        6⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        6⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        8⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8952.exe
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28107.exe
        7⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        7⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14721.exe
        6⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39787.exe
        7⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        7⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        6⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        6⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        5⤵
        
        PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
        9⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        9⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        8⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        7⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        7⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        7⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
        6⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        6⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        8⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29729.exe
        7⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        7⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        6⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        7⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        6⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        5⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        5⤵
        
        PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        6⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        8⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
        7⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
        8⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        7⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38065.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
        5⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        8⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        7⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47784.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        6⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        7⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
        5⤵
        
        PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        5⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        7⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
        6⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        6⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        6⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        5⤵
        
        PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        6⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        6⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        5⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32583.exe
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
      4⤵
      PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
      4⤵
      PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
      4⤵
      PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
      4⤵
      PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
      4⤵
      PID:6548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        9⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10571.exe
        9⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        9⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        8⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
        8⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        8⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        8⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        8⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        8⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        7⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        7⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        6⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
        8⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43441.exe
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57459.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        7⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        7⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        7⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        7⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        6⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        6⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        8⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        7⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8151.exe
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        7⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        6⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        7⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        7⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
        6⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        6⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        8⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7016.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        7⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        6⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        7⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        6⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        6⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        5⤵
        
        PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        5⤵
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        7⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14416.exe
        6⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        6⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57353.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        6⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        5⤵
        
        PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        6⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        6⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        5⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        5⤵
        
        PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
      4⤵
      PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63565.exe
      4⤵
      PID:14900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8668.exe
        6⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        9⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        8⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
        8⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        8⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        7⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        7⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        7⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        6⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        7⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        7⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        6⤵
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        5⤵
        
        PID:13912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        5⤵
        
        PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43504.exe
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        7⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        6⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        5⤵
        
        PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15906.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
        5⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        5⤵
        
        PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        5⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        5⤵
        
        PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
      4⤵
      PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
      4⤵
      PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
      4⤵
      PID:5720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        8⤵
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        7⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        6⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        6⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        7⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        6⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        5⤵
        
        PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31594.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        6⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        5⤵
        
        PID:12516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
      4⤵
      PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
      4⤵
      PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      4⤵
      PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
      4⤵
      PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
      4⤵
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        6⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        5⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        5⤵
        
        PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        5⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        5⤵
        
        PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
      4⤵
      PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
      4⤵
      PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
      4⤵
      PID:5392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32387.exe
      4⤵
      PID:10640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
    3⤵
    PID:10260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
    3⤵
    PID:15116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48163.exe
    3⤵
    PID:6116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
        9⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
        9⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        9⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        8⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
        7⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        7⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        7⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        7⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        7⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        6⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7753.exe
        7⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
        7⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        7⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        6⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        6⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        5⤵
        
        PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        8⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
        8⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        8⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        7⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
        6⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        7⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        7⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        6⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
        5⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        5⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        5⤵
        
        PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
        6⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        5⤵
        
        PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
        5⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        5⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        5⤵
        
        PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
      4⤵
      PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30544.exe
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
      4⤵
      PID:15268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
        6⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
        8⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        8⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        8⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        7⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13999.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        7⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        7⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        6⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        5⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1432.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47088.exe
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        7⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        7⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        7⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        5⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        5⤵
        
        PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30322.exe
        6⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        6⤵
        
        PID:14764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        6⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        5⤵
        
        PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        5⤵
        
        PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
      4⤵
      PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
      4⤵
      PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
      4⤵
      PID:16208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        5⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        7⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        6⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        5⤵
        
        PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        5⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        5⤵
        
        PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
      4⤵
      PID:14912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
      4⤵
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7753.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        6⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
        5⤵
        
        PID:15060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        5⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        5⤵
        
        PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
      4⤵
      PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
      4⤵
      PID:16312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
    3⤵
    PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
      4⤵
      PID:13460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
    3⤵
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
      4⤵
      PID:13884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
      4⤵
      PID:15068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
    3⤵
    PID:9596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
    3⤵
    PID:13640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62545.exe
        7⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13247.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52632.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        6⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        5⤵
        
        PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        6⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        5⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        5⤵
        
        PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        6⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        6⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24858.exe
      4⤵
      PID:16260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        7⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
        6⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        6⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        5⤵
        
        PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        6⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        5⤵
        
        PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
      4⤵
      PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
      4⤵
      PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        5⤵
        
        PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        5⤵
        
        PID:15664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
      4⤵
      PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
      4⤵
      PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
      4⤵
      PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
      4⤵
      PID:5488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      4⤵
      PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
      4⤵
      PID:10456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
    3⤵
    PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
      4⤵
      PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
      4⤵
      PID:4964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
    3⤵
    PID:9404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
    3⤵
    PID:12348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        5⤵
        
        PID:460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        7⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        6⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
        5⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
        5⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        5⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
        5⤵
        
        PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        6⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        5⤵
        
        PID:15148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
      4⤵
      PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5191.exe
      4⤵
      PID:13496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
      4⤵
      PID:12872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
      4⤵
      PID:15316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52612.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
    3⤵
    PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
      4⤵
      PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
      4⤵
      PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
    3⤵
    PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
      4⤵
      PID:14748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
    3⤵
    PID:9564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
    3⤵
    PID:15108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
      4⤵
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        5⤵
        
        PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      4⤵
      PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        5⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        5⤵
        
        PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
      4⤵
      PID:11516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
      4⤵
      PID:16320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
      4⤵
      PID:11176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
    3⤵
    PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
      4⤵
      PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
      4⤵
      PID:6584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16898.exe
    3⤵
    PID:12596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
    3⤵
    PID:15660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
    3⤵
    PID:5408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12891.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12891.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
    3⤵
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        5⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        5⤵
        
        PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
      4⤵
      PID:12652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
    3⤵
    PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
      4⤵
      PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
      4⤵
      PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
    3⤵
    PID:9016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
    3⤵
    PID:12296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
    3⤵
    PID:4932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40554.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40554.exe
  2⤵
  PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
    3⤵
    PID:8616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
    3⤵
    PID:12044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
    3⤵
    PID:16284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
  2⤵
  PID:7888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
    3⤵
    PID:14472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
  2⤵
  PID:11236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50712.exe
  2⤵
  PID:14988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
  2⤵
  PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2680 -ip 2680
1⤵
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 15032 -ip 15032
1⤵
PID:14368

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe

Filesize
468KB

MD5
d92d5350666382d8a632526e2cf83b66

SHA1
382c4878f2341a70e7fa404bd90bb7d5efafb29e

SHA256
e4249edc2ae230c6332038f6dfddcbb497f83bdbbe118a0dcebd9ea2d1a7f998

SHA512
332a8c070c3a018616fea8f0e0734ac5c97af6e0a949f5691bd1062435371600733b80bc666e5a3fefa0cd85786502caca97ef7be06fc8530ff756ea64480163

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe

Filesize
468KB

MD5
3bf5e3bff60e815e1b53803d25642fbf

SHA1
d07ba7bed3c0287cb3bdef853de4fdad1663bc14

SHA256
0b31f87608d07d0f9edc396279c6d01e6c1f3f5cc99dead50bc1abb3a9c42460

SHA512
d57a24df6a84baf6d650ffce1427615ce0347dc971f1984b628d1a00a0de489a8b52a1f497022dc858d3401ec8ebb36fe8470e748ca56f3702139622ca0f3f6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe

Filesize
468KB

MD5
2ac85501c33bfba702c1e589869ea257

SHA1
c43d783ee859538df9090d473e4107b5cfa75955

SHA256
9fc4c195b964f457264788b02e114aa9f81a44116f251802cfaff4f6b6c0ba2e

SHA512
c1fba5ea5f5b6a70e63b73123bbfa0bb9b88e50ca7a62aeadc5bebc19c9a402f2a744c7051ca7d640c3f156eb5ee3eba785773e61449002cb70c69cf0f9a7964

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe

Filesize
468KB

MD5
3061c074d33aeafd9381941e446b21ef

SHA1
0d51ae9b9b7e7ae7cfe7d7e720c80e6fe3c2390e

SHA256
1bdfb973fec7cda940a1b9d4915b59e5c0a2251f043bf8a0a55580d10d3fd624

SHA512
ac1780e5ec80308737e581807ae803b9635a6987f082bf357b66699381f99f12baa5a0610f4ac211f3f346017f0c5277e47524ddcfea80d539f0aa9ced8dc611

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe

Filesize
468KB

MD5
31be623d881892050d08cb7f1f6ba5ed

SHA1
98082daa27018f590739032490a87f5d3edfad2d

SHA256
371fbcdad71c818018477d6b9d8752870af88b6bb8773ef5aa1ff912ca1690cc

SHA512
b8231d9777e3217ab1882f4e8a4c7854c517eeab7a7ac332e628970ce1d173524916d60b93b22a4aa9e0b31d79c0db641325d99b6e40eb1194cfbd047a78bac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe

Filesize
468KB

MD5
3123eb284f77ff16f0739e1820b5fb21

SHA1
d062067a6e295e8206f6c7e3b209b3ebc5d9cb0d

SHA256
8999ce9a0014fea1bc76249ec8f83df2682467ee054a50a4e8be8cb6caa75af9

SHA512
6c5e937b1c6213a7036bb5d9d77c4e1fe99d5659b07be4161d7e9c0a63d52b60ca617615c0239b1e6fcef80f2543d61d7c768b0c4fa283dc9ccde020266362b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe

Filesize
468KB

MD5
84e31ada1de983851e7cf5ae84b8e122

SHA1
0259291cd97238d8f74a02c2829babf281b8c49f

SHA256
19bddcba2d3c2faebbda60727ff2dd7ceb5d3bd9b3f93e9e238ce99c58033501

SHA512
01871ee73e2747dde60fa0addc05a9fcd336c1ed631dd9f2d2fc11515407e2fbee13b08f65cc334f4fe8e970e265e05bfb1f6859b22c93ccd075a28dc6f308da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe

Filesize
468KB

MD5
5ad10b4aaef115ff31c5b7c72acbb58a

SHA1
f4ca656910dc29c47adfb058a66229e4c6fd020e

SHA256
8e1fcab7a99fe6d5330d4ea8cb8dd86bc474a9cc6d0e559a5bc514723d71f1f4

SHA512
092d68ec5cca4260c46d89f7bc271fb5cd82da7749e39527946d35fd2b0ee54a1cacf99878188e2c349927bbb3abf00ef12807bc92d072a9b40e95acf74c3754

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe

Filesize
468KB

MD5
abd4cb737e036e912ad417c908910da2

SHA1
9b52320f5a8272015f5cda286bb0f9da293fe9ff

SHA256
973eef782a920ba0f3385fb38187b3baa4ab733f435423a57fe4acb38cf55a3b

SHA512
2cf2e9ff4125697f4405f330577df08c6608f97897aba6107f4165f6fba228bff4c272915ff0675e66c8313d3bbfe9a4f38230a27d890729626f2c3ff394a52d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23675.exe

Filesize
468KB

MD5
0fe65a1844a91c4bb424ec79bd58f5bc

SHA1
f94266aa81919eefefbe084a719d402b4db7d16e

SHA256
691a5c62373f7d149f1a98460e7d06cd31d5191e4544bc4311c61941f95c7108

SHA512
110adc2a10bb8c54d99a6f24e55247529bfe20786378f40ebda6afaf9a122b923041e79a08004b4c1c4bc27a13c55af2a8f1c561e482a5ecd89f51a66908a6cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe

Filesize
468KB

MD5
4e82b55558dba1ce3987c603e79eb80a

SHA1
127febb7f0376a5d74366976b5e0a8d9d093297b

SHA256
89ca0a157d028cc6eba6b7959a1aace99e4db09cb1279581a625908628baa1eb

SHA512
d55bf3b41262f9f2431fd7fbbe45224f5522b772abb42771d1fb1175869d9f3b06f1465b0545275535e2d1a60f7f5c64a6462a6f8730b5fd91dac71a52967c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe

Filesize
468KB

MD5
e8a6a137d2400598a8c3d355decf26e8

SHA1
dc089d707913b7573c793ef5869a3aa84a7a20f9

SHA256
9a00e5ba119a56a2ee0ebc70b849de853ca90b4664074dde9930ac24d4393bbb

SHA512
053d64e620ce14230d0c441bfc5c34a47c701b54f53af2cae8031bb9b61df97ac0f65fb162d8b08b5d22df2cf689b1f8e241be04d7f8952574e0f06936cdabc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe

Filesize
468KB

MD5
1c6637cbc89dd18bcf4db8152d0fcb7e

SHA1
79521d405832c151ce0657732a864fd4c986587a

SHA256
d923ae9a4bccdaa7c65f293c4a79295256048ea2a5efa1c564d24c65346d4492

SHA512
f7b1b0f8b1d83860f3c70ff7c311ad5478c1eb9213444f16c5696e37d8fa0207d37a20b7e80b535b175aa04afa0ab34b3789e62e239c6bbcfd5c5aca9717b825

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe

Filesize
468KB

MD5
22dd8a8e81aea8a55959bbda437e1ec7

SHA1
8de3d8d70267d390479e49a71b8cb1edd38ca1c2

SHA256
373948dd4301ea6298672e5169a29e92899f9b31e343715c6554bee6b77a12c5

SHA512
73260804457a5f85299e1eeb42c0769831be710e6ba4510d82ead14f7a8326e86637b99830b572f60dac87e577dc7c2797467f1fb7507a44e2cf6131ec3752d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe

Filesize
468KB

MD5
8a430acd84126cd8b2069d57f59a522e

SHA1
c3decfcb3ea1b912937ad50238c125182c91b5b7

SHA256
f10ffd49dadac9231f2e2c109024c7f5073d0364db6359303f4070e9c41b86f7

SHA512
1f04cc67736cc9fe52435987a0ddea1fe9ddeebd613d147e84ce5eb474aebd0053ae1c73c92f1ad49f0e0811a4776ae458072c87b98afc6999202abc0ad4cf45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe

Filesize
468KB

MD5
9a3acb48fbc2fc1ba5ed93c1bcc111c6

SHA1
e5554232c5dc250c593ca2a3639d9a94f6baa8d0

SHA256
0386452097cfed2b4188efdd10fafedc7e6e83d154e6c9a5de23f393aa78834a

SHA512
83fb1a55820b9ce8c53df975ebd776bf7c7f8be945c6078c4028b825e97d8ad1ae4ce8564682b050fa8d5ef8c5626405c8d696617573320e4bb686b057b1f91b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe

Filesize
468KB

MD5
55fb7ee9a2764a5daa9424e2fa44e047

SHA1
d04e40004598b5458a9a2c14549383c9b756bf5f

SHA256
42d58e504fc6a805815545f10fabb05c9d2f479411c7e327e6da7fac4e8c70e0

SHA512
cb186c0531c800b4926246bf41688cdc67e15aee339ea3bc0c1df7593ca523c620792e9ffa472da1e6f688d45b16d84676ca32ea7c34db57b8748304c5d6968b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe

Filesize
468KB

MD5
8ff3606f043db63bcec9c85960224280

SHA1
8d34410a01ec8f5970459c481bd298f597926ec2

SHA256
7907bbb65b97c435bc26314af25297c19868d2e1392410389b04ff3205f26d17

SHA512
91b3097613fd8fc9525ef10fc9f86ffd53c5724aa35e4b5ebfcdd53c6fe265cc451eb5953a65c30ac29302c411689f12fea1e26a807d3978bbfd4f669394c4a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe

Filesize
468KB

MD5
270c6b12fe0a925639a8c77b750691c2

SHA1
832ce2c2388404a5040999dd348838308300d041

SHA256
a8574a472c10e017ccb819f69b4878bab7292b53aca8e153ccec241e9a70885b

SHA512
9b6a9c2e40c935f44cd220a6ab4073cec8ad0c1cbb4c2028563afbe26dd7bbe481794fececebf3df9ef1fd6e521838a112c64372af43060da37023b8cb60228e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe

Filesize
468KB

MD5
86626cf50d524e73c613ec5b5a0aa5d2

SHA1
bce01ca91224ee4b8fd789df26ae7bd3bf3e98e1

SHA256
7ea4ce327bfb2e2c352af1d49e3a75b3db5fef9df4734449ee3a36c736ceb338

SHA512
540e0742d383a121ae348febab15db84943d34500cbc44233efe823143b5fd8280b30f46b96bdde234d4dc0ae14b72c045ef02d50d159e8803f271d5fe73f407

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe

Filesize
468KB

MD5
c535204e0413d61a8e4771d192b1ee65

SHA1
699541b4437985a8472d019c0504886c7c3ee524

SHA256
9f934142e85ccbdbb842f0a26bf6c7901a9009b7056031a3bf23e0e9881b8b8c

SHA512
d0699516184f93e4c2ca02029c000a3f392f170e71afc1af39165690c0e082c44607c797092b8a300107fe6c577c06633486aa016d95ae98ac95d8fc73ce807a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe

Filesize
468KB

MD5
e5fa33e6150a6332ae6ab2966d2ab00f

SHA1
25663e50c86079d15fcfc214190775acf3355d09

SHA256
7cf14ebf75b4547dd9346e83f82f25dd477ea304be2b970bb2f02794dd3b527e

SHA512
66f51550de748094022ca699885708662107f82dbbbb188c7b0cf46a6111537bc4466e8eb8933669a620f98513691a8eda5f363764ffe2a66464a3c10e6a17fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe

Filesize
468KB

MD5
727c085bb48f3ffdc7fd50896ddca6bf

SHA1
e7e473b528c8894dcd6a75fa67287f1934d10f8a

SHA256
2930a939274f702673838f0094df784a96fb6a2f9e0f8563ffa2bbebe929eeff

SHA512
4d06eae49ca3bb97db47f771a80b065547559acb6e96614d6b67c50964b1bbb9799cc2b06e7c8fcab98424af33544e8a52552768a8e4ddbc2e8752a2c18fef2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe

Filesize
468KB

MD5
45fcc4e13ac3ce1988378eebb5f4ceb8

SHA1
bb174840a1df0dbf287d398ba0b5239a886ce56a

SHA256
4a4836d6aeecb7becda0e6fac5b153090173ab6e348ce7def9d2886a54004041

SHA512
add8113cb8b7d28f95df11dc28b3262010e7a0d5e21f14e1267a8ba752c37b40377ad37d99fcf496a9c3f459abc7d36c136a8aa4c423535af44e2468dccd1525

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe

Filesize
468KB

MD5
28d5e747289138fe1dd368259f6965c0

SHA1
6770fb5b001c3ae8ccce30c6f3aa919c812b885b

SHA256
ef317188dbfc76c5a88023863c9f39ef827c899d37e6728a7def10c005d0e64c

SHA512
2a6182fbca79a7512622b54beea73986b85d73db3f0990c7ff84eba87d2a15346830865fea5e9dcfc0f3b9e139bb6fd228d37b2eccd726d368a75fb2712be4ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe

Filesize
468KB

MD5
b8c8bbfce4e69b8c7b9dded783ff0b00

SHA1
1b677cea0e3921872979740c26e4b3ed298fb142

SHA256
db6a42e92c1b2653211c47cf60f46109b4d98e77453af1933ff72adca5e9aa0c

SHA512
cd3e9da41b9cb34e624f1e6d31282656327f0ebc880def1cb85634bacee54359058bcfbe305cb688ebf152b1d18eed8d3fcd8ecd04275f49930490023dccc907

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe

Filesize
468KB

MD5
7dab09267c1d36db6cc2de9d7438cd30

SHA1
d13c3e1c1d95850637d77d62f574a8d3ed224e60

SHA256
04510363cd4694440f43805dfdc428a96d96837c46e5c288bd865180a7443703

SHA512
e79133cf7384066bdabc998aa0baedd089bbbde59e08165e3f847457974a8bbe5e52ae43a506711428980ef04a213c7b12ff87ef120d9c0d73220c929f9ec0e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe

Filesize
468KB

MD5
e86b72e7cebcfc9721765fe37d81df66

SHA1
cb54c97bd36cdcbece3b432cf37b76d3d35269a2

SHA256
f9015828b916b7c28151bc2d968d028f39c0a7998a0b0159dc92cc06edc186e2

SHA512
10ead81b501ca8bc4b23c578985b46cfa3d3c3e009e8931918cbdb2dcb5b93e223b385e9c6154d00f45119145ca0543a2e0c3c228eca0f87c9e91ce39056df21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe

Filesize
468KB

MD5
6f248dc0887eab4b50f97b505303d809

SHA1
aa1e398248eea00531f54bf4e62b7daebb1fa9a9

SHA256
6431e1e895f14f75333f5f95ab0161090e7a1367c18bfe9a4a2d2f2e2ce7d51f

SHA512
74049dff65b1431f287504b4c99052681c4ec0ae0a0871ed21ee215b2c6fb48aa279cd751fe5739240ff2d174b2606ed83a740bfb6f09bb18032b96102b31b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe

Filesize
468KB

MD5
104b2402d18fe640230b092fa2dbd88b

SHA1
a2fead411c14445eca41466a84ff4b70c146481e

SHA256
f69c378db8ecffd389869a2b188b740fada4d07b73b83278a42cf2d581c47071

SHA512
078dde1132c7cc9f1515511218a45287093797eec5d743b148fbd2ac876325a8372a36d5597c0da27269d63e3f8b36d6acd72e06505fc4400dbf93c414cdfcfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe

Filesize
468KB

MD5
e25796879727f04754aa1b6b1bbc6850

SHA1
03dea9b9bae03be367efbaab0a90c82c8cdf43da

SHA256
02ea5095ef5ec5d0d91e9459b7c009d5b7ed1a221f6a871ae7ce9df2af7a03f4

SHA512
fb0f00e20ef596d0c0019292ff94dcc3e473c0d29806ac8e76385907588b19629868ceea4bdd76db7477bb775c8b169511799c479f6b5f672c18f9b2a665b595

Download Submit
memory/316-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/372-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/400-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/408-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/448-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/452-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/460-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/552-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/624-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/640-470-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/696-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/760-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/900-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/936-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/944-463-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1008-184-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1048-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1096-510-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1112-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1176-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1224-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1260-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1288-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1304-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1328-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1336-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1624-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1884-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1960-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1988-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2052-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2080-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2084-254-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2116-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2244-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2260-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2296-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2396-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2492-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-114-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2776-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-217-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3196-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3332-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3364-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3396-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3460-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3516-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3520-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3536-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3616-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3660-210-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3680-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3776-106-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3880-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4144-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4272-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4304-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4308-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4348-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4512-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4524-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4556-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4620-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4628-379-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4700-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4704-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4788-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4916-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5088-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5104-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5124-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5180-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5208-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-558-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5308-565-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5520-566-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14636-2601-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15556-2562-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16132-2659-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16164-2589-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16208-2716-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads