52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2024, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe
Size

468KB
MD5

46610c676d9b3ef0d27ba81805cdaa27
SHA1

d8c46fd4d492011905444bfd48f7a60131a8c5c4
SHA256

52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b
SHA512

b1d667c8dc0d56267e192993d0e6c11ad485e84b35f0b72881498b9e096cd09aefb03930f4393c24256836b84f2cf6301b84473da42ce75515e0b97e0217c547
SSDEEP

3072:4belogxaIU57tbYZPzcfm0fD/n2DnsIH/QmyeQVqAu5KkHi3uxol/:4b4oCc7tCP4fm0fra1wu5DC3ux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
876	Unicorn-19370.exe
2824	Unicorn-3993.exe
644	Unicorn-37412.exe
1620	Unicorn-3007.exe
3524	Unicorn-3007.exe
2588	Unicorn-17952.exe
1972	Unicorn-41994.exe
2016	Unicorn-56074.exe
2592	Unicorn-23764.exe
4312	Unicorn-651.exe
2896	Unicorn-4470.exe
3672	Unicorn-39546.exe
2856	Unicorn-39546.exe
2104	Unicorn-7428.exe
1412	Unicorn-21163.exe
3988	Unicorn-28446.exe
1108	Unicorn-35222.exe
840	Unicorn-58980.exe
3440	Unicorn-44682.exe
1468	Unicorn-20086.exe
5032	Unicorn-26085.exe
4680	Unicorn-26848.exe
2880	Unicorn-49406.exe
4972	Unicorn-43276.exe
3556	Unicorn-53490.exe
2324	Unicorn-21372.exe
396	Unicorn-45057.exe
3420	Unicorn-25456.exe
3308	Unicorn-4865.exe
1672	Unicorn-62234.exe
4400	Unicorn-42368.exe
1284	Unicorn-43852.exe
2296	Unicorn-34776.exe
1268	Unicorn-40344.exe
3624	Unicorn-29946.exe
3964	Unicorn-42752.exe
4756	Unicorn-54450.exe
1684	Unicorn-26416.exe
4560	Unicorn-1741.exe
1448	Unicorn-24300.exe
1264	Unicorn-62929.exe
2972	Unicorn-31076.exe
1120	Unicorn-55026.exe
1464	Unicorn-55026.exe
60	Unicorn-57719.exe
1140	Unicorn-12047.exe
1472	Unicorn-8948.exe
3212	Unicorn-34414.exe
1180	Unicorn-34414.exe
1532	Unicorn-32367.exe
3332	Unicorn-56972.exe
316	Unicorn-24199.exe
1320	Unicorn-30065.exe
5012	Unicorn-10464.exe
2632	Unicorn-39874.exe
3904	Unicorn-34414.exe
1976	Unicorn-48996.exe
4500	Unicorn-20962.exe
216	Unicorn-44912.exe
436	Unicorn-6593.exe
5104	Unicorn-463.exe
4688	Unicorn-24803.exe
2908	Unicorn-40012.exe
2260	Unicorn-49664.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
8596	6156	WerFault.exe
19836	8504	Process not Found	1206
20304	2772	Process not Found	880

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58312.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4824	dwm.exe
Token: SeChangeNotifyPrivilege	4824	dwm.exe
Token: 33	4824	dwm.exe
Token: SeIncBasePriorityPrivilege	4824	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe
876	Unicorn-19370.exe
2824	Unicorn-3993.exe
644	Unicorn-37412.exe
1620	Unicorn-3007.exe
3524	Unicorn-3007.exe
2588	Unicorn-17952.exe
1972	Unicorn-41994.exe
2016	Unicorn-56074.exe
2592	Unicorn-23764.exe
2104	Unicorn-7428.exe
1412	Unicorn-21163.exe
2896	Unicorn-4470.exe
2856	Unicorn-39546.exe
3672	Unicorn-39546.exe
4312	Unicorn-651.exe
3988	Unicorn-28446.exe
1108	Unicorn-35222.exe
840	Unicorn-58980.exe
3440	Unicorn-44682.exe
1468	Unicorn-20086.exe
5032	Unicorn-26085.exe
4680	Unicorn-26848.exe
3556	Unicorn-53490.exe
2880	Unicorn-49406.exe
4972	Unicorn-43276.exe
2324	Unicorn-21372.exe
396	Unicorn-45057.exe
3420	Unicorn-25456.exe
3308	Unicorn-4865.exe
4400	Unicorn-42368.exe
1284	Unicorn-43852.exe
2296	Unicorn-34776.exe
1268	Unicorn-40344.exe
3624	Unicorn-29946.exe
3964	Unicorn-42752.exe
4756	Unicorn-54450.exe
1684	Unicorn-26416.exe
4560	Unicorn-1741.exe
1448	Unicorn-24300.exe
1264	Unicorn-62929.exe
2972	Unicorn-31076.exe
1464	Unicorn-55026.exe
1120	Unicorn-55026.exe
3212	Unicorn-34414.exe
1140	Unicorn-12047.exe
60	Unicorn-57719.exe
2632	Unicorn-39874.exe
316	Unicorn-24199.exe
1472	Unicorn-8948.exe
3332	Unicorn-56972.exe
1532	Unicorn-32367.exe
5012	Unicorn-10464.exe
1180	Unicorn-34414.exe
1320	Unicorn-30065.exe
3904	Unicorn-34414.exe
1976	Unicorn-48996.exe
4500	Unicorn-20962.exe
216	Unicorn-44912.exe
3516	Unicorn-33236.exe
4688	Unicorn-24803.exe
5104	Unicorn-463.exe
436	Unicorn-6593.exe
2908	Unicorn-40012.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 876	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	86
PID 852 wrote to memory of 876	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	86
PID 852 wrote to memory of 876	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	86
PID 876 wrote to memory of 2824	876	Unicorn-19370.exe	87
PID 876 wrote to memory of 2824	876	Unicorn-19370.exe	87
PID 876 wrote to memory of 2824	876	Unicorn-19370.exe	87
PID 852 wrote to memory of 644	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	88
PID 852 wrote to memory of 644	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	88
PID 852 wrote to memory of 644	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	88
PID 644 wrote to memory of 3524	644	Unicorn-37412.exe	90
PID 644 wrote to memory of 3524	644	Unicorn-37412.exe	90
PID 644 wrote to memory of 3524	644	Unicorn-37412.exe	90
PID 2824 wrote to memory of 1620	2824	Unicorn-3993.exe	89
PID 2824 wrote to memory of 1620	2824	Unicorn-3993.exe	89
PID 2824 wrote to memory of 1620	2824	Unicorn-3993.exe	89
PID 876 wrote to memory of 2588	876	Unicorn-19370.exe	91
PID 876 wrote to memory of 2588	876	Unicorn-19370.exe	91
PID 876 wrote to memory of 2588	876	Unicorn-19370.exe	91
PID 852 wrote to memory of 1972	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	92
PID 852 wrote to memory of 1972	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	92
PID 852 wrote to memory of 1972	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	92
PID 1620 wrote to memory of 2016	1620	Unicorn-3007.exe	93
PID 1620 wrote to memory of 2016	1620	Unicorn-3007.exe	93
PID 1620 wrote to memory of 2016	1620	Unicorn-3007.exe	93
PID 2824 wrote to memory of 2592	2824	Unicorn-3993.exe	94
PID 2824 wrote to memory of 2592	2824	Unicorn-3993.exe	94
PID 2824 wrote to memory of 2592	2824	Unicorn-3993.exe	94
PID 1972 wrote to memory of 4312	1972	Unicorn-41994.exe	95
PID 1972 wrote to memory of 4312	1972	Unicorn-41994.exe	95
PID 1972 wrote to memory of 4312	1972	Unicorn-41994.exe	95
PID 852 wrote to memory of 2896	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	96
PID 852 wrote to memory of 2896	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	96
PID 852 wrote to memory of 2896	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	96
PID 3524 wrote to memory of 3672	3524	Unicorn-3007.exe	97
PID 3524 wrote to memory of 3672	3524	Unicorn-3007.exe	97
PID 3524 wrote to memory of 3672	3524	Unicorn-3007.exe	97
PID 2588 wrote to memory of 2856	2588	Unicorn-17952.exe	98
PID 2588 wrote to memory of 2856	2588	Unicorn-17952.exe	98
PID 2588 wrote to memory of 2856	2588	Unicorn-17952.exe	98
PID 644 wrote to memory of 2104	644	Unicorn-37412.exe	99
PID 644 wrote to memory of 2104	644	Unicorn-37412.exe	99
PID 644 wrote to memory of 2104	644	Unicorn-37412.exe	99
PID 876 wrote to memory of 1412	876	Unicorn-19370.exe	100
PID 876 wrote to memory of 1412	876	Unicorn-19370.exe	100
PID 876 wrote to memory of 1412	876	Unicorn-19370.exe	100
PID 2016 wrote to memory of 3988	2016	Unicorn-56074.exe	101
PID 2016 wrote to memory of 3988	2016	Unicorn-56074.exe	101
PID 2016 wrote to memory of 3988	2016	Unicorn-56074.exe	101
PID 1620 wrote to memory of 1108	1620	Unicorn-3007.exe	102
PID 1620 wrote to memory of 1108	1620	Unicorn-3007.exe	102
PID 1620 wrote to memory of 1108	1620	Unicorn-3007.exe	102
PID 2592 wrote to memory of 840	2592	Unicorn-23764.exe	103
PID 2592 wrote to memory of 840	2592	Unicorn-23764.exe	103
PID 2592 wrote to memory of 840	2592	Unicorn-23764.exe	103
PID 2824 wrote to memory of 3440	2824	Unicorn-3993.exe	104
PID 2824 wrote to memory of 3440	2824	Unicorn-3993.exe	104
PID 2824 wrote to memory of 3440	2824	Unicorn-3993.exe	104
PID 2896 wrote to memory of 1468	2896	Unicorn-4470.exe	105
PID 2896 wrote to memory of 1468	2896	Unicorn-4470.exe	105
PID 2896 wrote to memory of 1468	2896	Unicorn-4470.exe	105
PID 852 wrote to memory of 5032	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	106
PID 852 wrote to memory of 5032	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	106
PID 852 wrote to memory of 5032	852	52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe	106
PID 2104 wrote to memory of 4680	2104	Unicorn-7428.exe	107

C:\Users\Admin\AppData\Local\Temp\52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe
"C:\Users\Admin\AppData\Local\Temp\52e19f265ce5c4f3bb3671f0b66d7819d9833b22ff3d4d0b87f6ce698177846b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        9⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
        11⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        11⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25251.exe
        11⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        10⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        10⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        10⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51191.exe
        9⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30076.exe
        10⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        10⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        10⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        9⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        9⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
        10⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
        10⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8253.exe
        10⤵
        
        PID:18224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
        9⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        9⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
        8⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48944.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        10⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        10⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
        9⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        9⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        9⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        8⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        9⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        9⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        9⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        9⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32741.exe
        8⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        9⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        8⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        8⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
        8⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
        7⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        9⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        10⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        10⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        9⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
        9⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        8⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        9⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        9⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        9⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        9⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24521.exe
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        8⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        8⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-463.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        9⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        8⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        7⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        7⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        8⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        8⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        7⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
        6⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        7⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
        6⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        6⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        6⤵
        Executes dropped EXE
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        10⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
        10⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        9⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        9⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30412.exe
        9⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        8⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        8⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        8⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        9⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        8⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        7⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        7⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        9⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        9⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        8⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        8⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        8⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        8⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
        7⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        6⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        7⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        8⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        9⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        9⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        8⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        8⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        8⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        7⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        8⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        8⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        8⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        7⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52317.exe
        6⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        8⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        8⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        7⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-439.exe
        7⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        6⤵
        
        PID:12748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        6⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        6⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        7⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        7⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        6⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51669.exe
        6⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        5⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        5⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        10⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        10⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
        9⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        9⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        9⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        9⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        9⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        8⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        8⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        9⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        9⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        8⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        8⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        7⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        9⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        8⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        8⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        7⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        7⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65206.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
        8⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
        7⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        7⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        8⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        9⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        9⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        8⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        8⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        8⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        7⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        7⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        7⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
        6⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        6⤵
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20691.exe
        5⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        8⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        8⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        7⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        7⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        6⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        7⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        6⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        5⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        5⤵
        
        PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
        6⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        8⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe
        8⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36966.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        7⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        8⤵
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
        7⤵
        
        PID:17344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        7⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        7⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
        6⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        7⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15778.exe
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        6⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        6⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        5⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        5⤵
        
        PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
        7⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        8⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        7⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        7⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
        6⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        7⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        7⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
        6⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26753.exe
        7⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        6⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
      4⤵
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        7⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        6⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        5⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        5⤵
        
        PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        5⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28509.exe
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
      4⤵
      PID:14416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
      4⤵
      PID:6252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17952.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        6⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
        9⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        10⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        9⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        8⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        8⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        8⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        7⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        8⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        8⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        8⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        7⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        7⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        7⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        7⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        6⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12715.exe
        5⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20382.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        8⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        8⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        7⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        7⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        6⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        7⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        6⤵
        
        PID:16644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        5⤵
        
        PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        8⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        8⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        6⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-516.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        6⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9861.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        5⤵
        
        PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
      4⤵
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        6⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        7⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        6⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
      4⤵
      PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
      4⤵
      PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
      4⤵
      PID:9312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        6⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        7⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        7⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        6⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        7⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        6⤵
        
        PID:16392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        5⤵
        
        PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
        7⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        7⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
        6⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        5⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8404.exe
        5⤵
        
        PID:15612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31642.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        6⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        5⤵
        
        PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
      4⤵
      PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21166.exe
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        5⤵
        
        PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
      4⤵
      PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
      4⤵
      PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
      4⤵
      PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        5⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        6⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      4⤵
      PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
        5⤵
        
        PID:13128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
      4⤵
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
      4⤵
      PID:17180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
      4⤵
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        6⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        6⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
        5⤵
        
        PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        5⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        5⤵
        
        PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
      4⤵
      PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
      4⤵
      PID:1332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
    3⤵
    PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
      4⤵
      PID:8700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
      4⤵
      PID:14440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
    3⤵
    PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
      4⤵
      PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
    3⤵
    PID:10476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
    3⤵
    PID:14648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
    3⤵
    PID:7900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3007.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
        5⤵
        Executes dropped EXE
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        8⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
        8⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
        7⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        7⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42096.exe
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        7⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        6⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
        6⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29332.exe
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56019.exe
        5⤵
        
        PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        6⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        7⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 464
        8⤵
        Program crash
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        7⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46547.exe
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
        6⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        6⤵
        
        PID:16556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        5⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        6⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        5⤵
        
        PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19614.exe
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6457.exe
        7⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        6⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        6⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        6⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        5⤵
        
        PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        6⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49997.exe
        6⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        5⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        5⤵
        
        PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
      4⤵
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34004.exe
        6⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
        8⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        8⤵
        
        PID:17836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        7⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        7⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        7⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        7⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18042.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        7⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        7⤵
        
        PID:17596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        6⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        5⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
        6⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25810.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        7⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16161.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64943.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
        6⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32741.exe
        5⤵
        
        PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        5⤵
        
        PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
        6⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        5⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        5⤵
        
        PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
      4⤵
      PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
      4⤵
      PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36710.exe
      4⤵
      PID:18280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        5⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        7⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
        6⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4190.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        6⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        5⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
      4⤵
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        6⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        5⤵
        
        PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
      4⤵
      PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        5⤵
        
        PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
      4⤵
      PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
      4⤵
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        6⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
      4⤵
      PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        5⤵
        
        PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
      4⤵
      PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        5⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        6⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        5⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        5⤵
        
        PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
      4⤵
      PID:11088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
    3⤵
    PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
      4⤵
      PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
      4⤵
      PID:4520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
    3⤵
    PID:10920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        8⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        9⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
        9⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        9⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        8⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        7⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        8⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15804.exe
        7⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        7⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54185.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        7⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        6⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        6⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
        7⤵
        
        PID:17684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        6⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2383.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
        6⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        5⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        6⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57160.exe
        5⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        5⤵
        
        PID:16584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        5⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        8⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53215.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        7⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        6⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        5⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        5⤵
        
        PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
      4⤵
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        6⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        5⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26723.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        5⤵
        
        PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
      4⤵
      PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
      4⤵
      PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
      4⤵
      PID:13696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        7⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        6⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        5⤵
        
        PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        6⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        5⤵
        
        PID:16632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18849.exe
      4⤵
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        5⤵
        
        PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
      4⤵
      PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41924.exe
      4⤵
      PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
      4⤵
      PID:17432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
      4⤵
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        6⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        5⤵
        
        PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
      4⤵
      PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
      4⤵
      PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
      4⤵
      PID:14324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
    3⤵
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
      4⤵
      PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
      4⤵
      PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
      4⤵
      PID:18208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23807.exe
    3⤵
    PID:8280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
    3⤵
    PID:12344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
    3⤵
    PID:17296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8202.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        7⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
        6⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63801.exe
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56428.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        5⤵
        
        PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
      4⤵
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        5⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        5⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        5⤵
        
        PID:17696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
      4⤵
      PID:13264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
      4⤵
      PID:14040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        5⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19137.exe
        5⤵
        
        PID:672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
      4⤵
      PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
      4⤵
      PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
      4⤵
      PID:17708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
      4⤵
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        5⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        5⤵
        
        PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
      4⤵
      PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
      4⤵
      PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39142.exe
      4⤵
      PID:12232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
    3⤵
    PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
    3⤵
    PID:7832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
      4⤵
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        6⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        6⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        5⤵
        
        PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36094.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        5⤵
        
        PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
      4⤵
      PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exe
      4⤵
      PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
      4⤵
      PID:17808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
    3⤵
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
        5⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        5⤵
        
        PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
      4⤵
      PID:14876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
    3⤵
    PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
      4⤵
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
      4⤵
      PID:13948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
    3⤵
    PID:10676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
    3⤵
    PID:15576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
    3⤵
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
      4⤵
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        5⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
        5⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
      4⤵
      PID:10696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
      4⤵
      PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
    3⤵
    PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
      4⤵
      PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
      4⤵
      PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
    3⤵
    PID:13880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
    3⤵
    PID:556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
  2⤵
  PID:5348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
      4⤵
      PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
      4⤵
      PID:17952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
    3⤵
    PID:9440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
    3⤵
    PID:14800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37741.exe
    3⤵
    PID:8696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
  2⤵
  PID:6720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18042.exe
    3⤵
    PID:12724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
    3⤵
    PID:8772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
  2⤵
  PID:10448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
  2⤵
  PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6156 -ip 6156
1⤵
PID:7736

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe

Filesize
468KB

MD5
d0483f92a4da3e2ec8db536b8824220f

SHA1
6a3bf24afda4bd0d4e8259411de64bc366d9e9fa

SHA256
cc543ae196a2be1fd89fa492efb2343ea058bcdeb3ba6a946ae398e653e81a16

SHA512
99ff3fb9340a8a897e7f744f35a536600a9ea37da6473dc3ba6d5cc1c924a761fc1381f91a6b146c538fcbf64b6a70034dfc8333840a19a4ce2130d0b54b5a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe

Filesize
468KB

MD5
ae1cdab4fb1172a4a329a38093100fe1

SHA1
f7a52da85fd4b4109cabd2b3ed32f64e97157e7f

SHA256
ef792593bf8a27fe15bf731165db564d0fe149f9b08ed3698541fb727a4dfdb0

SHA512
e69d63fb0c8aee6b2b06134e4b6f9e4877a9dfefca8af7cfba1c32e79343ec210dff8fa855e5dd67d9669fbae7c21e8e97ce14987e0092059dca51415bb50890

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe

Filesize
468KB

MD5
160223aaa67ca03ff8a6dfcfa80e44f2

SHA1
8f8ca12e517ea1889bb39bb36461f5d3ae6a7ac5

SHA256
6459559b76efd5ffe690c31b2b9a82a921e73cdaf2bda178f56563e9d6280caa

SHA512
0fea3a5d3fb3c4ef121d0db8ddf2ecf98679ccbf4b8c714de7b04e122124ceabc36e81f3c2afd7f6fadf9f82a3f487ec1a42310c240e273cd216c14f14390f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17952.exe

Filesize
468KB

MD5
1dff7f37e3cc122fb7b011748be26f3b

SHA1
ff4141466ef254e4438f17a1658f396f8c4cb1e9

SHA256
7cfe706672858f1fc597051ce0b714ca4dab1d7b103c2dcfc84c2a1aa1acf5f7

SHA512
89d390853dc40d778178524d8d54172582394a588c8ba0ad8bcc498974a0036afdb5f11bb6d5104cd32946841eda328e9a658d1581be10490301413860576bcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe

Filesize
468KB

MD5
df804c0431121769c9ec4d6ca3cb252c

SHA1
4d03ee6d9271120fd83983e3adfb00d861d3edcd

SHA256
e34ea77a716b99e60661f795be27f7f5bbbcdf4ec60c364c4785425a7c07569e

SHA512
a69c8c3a314fd659d89da3931110cbaac522e68ce74f7852ee4d0c56f8bbb3788bd368575ca954770b8e0a70de7d4c233ee58263031181d538713d5e1183c1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe

Filesize
468KB

MD5
aab9af7306f3a8515c5aa2c0194d6ff8

SHA1
84613f30bcd0f4d35f218812eed5c9f3068c5a67

SHA256
e2e46d373be8c5bd8edb710a0ecaddb69c1f821fc0670ed6c55119d229b9d0c6

SHA512
afc286196f56c79c54432a8ad90eb2cff2cfe0d9d19c880f01bcdb0eb6621af37ff3a4903bf46bf18f989601d6f802200e962d1d72ee4a678092bf2677adf9fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe

Filesize
468KB

MD5
d5fabc847bdbb39cd6616f7ee090c939

SHA1
1d2f9f3dd1bd435f3c06367cccead550fa5c61c2

SHA256
c6b3d90eb467ed79465b0d3d965670259b125c5446f60c5fd01dacbf45c44e26

SHA512
9ed1ff3f5aa5e623e61a0538962151e3215280136eb75032ecf45cb14dfd30374709c5965945257cd234073bbb5a71912b6a97b1e46bd56ab8b94f2c44ebc41d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe

Filesize
468KB

MD5
a85d501da1dd613f8abd76b20ec1ee57

SHA1
1cf2655ca6d0a4b2e1d2b4ef65babbf066a58d5f

SHA256
c731f6fc528a3c3f8ea1302003b5ec83bcd9dcd79d0279336337c703cd0867c7

SHA512
82b8cefc938d643289fb12571fd4c875e3a00e0ef5c766fccfda77d80beaa934dc606568bae36411ad7ba22f1966ec0fd1f8bc2fa3ed2e1cb61d379ad2312db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe

Filesize
468KB

MD5
286e7446fe348ab686f18fb30aa3179c

SHA1
6b0f19143e758f28314df0d82c9d1587346d60fd

SHA256
009afa0156282f70542119f5595e38730ce7e0109698e6fd937bd6a3129eb35e

SHA512
a80136c9b9d8ece011e9a1defa3effbc78debe25013c0960414d6531ab6d23d87cec71e5ba900e2ef307f846e2da1a90f216b7394f18f04d0b3cb3c15ca6993b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe

Filesize
468KB

MD5
42051c3a3c21daf0c2bacece86860b62

SHA1
5a7c7e8fb2ef42912564e5efb434615ee580bed4

SHA256
4f1ac230d783e0cacec2a236532d7a440d5c56ea14ca249ebd42f59481670119

SHA512
b55620a91a64ca6d7223cda2a69e46aef1c0679f9e43894811b4e049e0726d064fed2d44f0b063f61f062d99c5a5c5ae34685542110ffba4c79be0d29714f53d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe

Filesize
468KB

MD5
cb010ec4142af7276d6853978efc506c

SHA1
3976e625d231f997d513b6854ac3b939f46057c6

SHA256
f9417ea18eb555db06a03c8630cad28d2aee2acdf61cc9867b8544e6416bb195

SHA512
2ee1a33462ac699493627775aad02099554eb483fabeda405d05c328acf7085d18701247a6f17e2ec38638a2181a733dd6585c875bce1b5426747bca1b4caf53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe

Filesize
468KB

MD5
df7390998bfd887e49ce35f430349c5e

SHA1
806915e4524506a0a30f8ee23e07c2b92a595dc4

SHA256
fe8d2629f0653df58d32589a697671f1f3f9ef5110cc046a2420d6c56511bde7

SHA512
b143e1cde22659a9f60728569fc254ffdb493124d7663f830438fea9554686154302b257bfeeef8c558b8366176c396e443eaa847f011d693ee12991c1a124fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe

Filesize
468KB

MD5
4538c85103a8f7f3462683ef49702da3

SHA1
ecb54b2f67aaaaccbf68c375a9ccfa33485bcc8c

SHA256
a5ea5d6a5913f357aebeb95bb5c6894d8d4e41186c2d2e5833f137fde4dbb465

SHA512
667d29fd4317404896f17a0a238ba2fd0ddb8cb154366f4bff933da1732d5f35a5ee677ea1b9ef2088e36bc8fb06c8f75ece6a208074884ee132ca83b129c00f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3007.exe

Filesize
468KB

MD5
f3259e702880e88d1d51099b01cc804e

SHA1
033b2b6889a6662158ab94ed802b6084024d396d

SHA256
b1a5079e1ab0fbd4fb8ed20d91c6f99320b923908556ddd64597d7d1b53197e5

SHA512
c2280e6d7c14baa2d8fea42e29d00663c46089d47c840009576dd2372b6be8554b78a722bb96d51f16f53c422697e1164e11807c176c0d934c461a4141fbb49b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe

Filesize
468KB

MD5
36719ecd777a80fee3b8081f103a7569

SHA1
3a59ac67fc19f4ab2bd395a2247d126ce2c96cfa

SHA256
2a70f51ead1d5b3285e0ab2e930c7a08c0bb6b2150aac58f453e6a2cffa65b35

SHA512
72a271ff8dac93fc00ef2604fe4f739268e3c8a9fd8130c993f5ec3ad50c3565a3fe821236eed80d4ac39386229fe75e290de12455687e7fc38d080242e0f75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe

Filesize
468KB

MD5
9750b2afc93f8a9f6bc4c3dab8539b08

SHA1
5d909a8e1ca80891b3ecbb632f6b5a2f3a189ac2

SHA256
999a3f12885f6686ef5a76810adfd73536ad164d8d34f98889ca0ab431a4ee28

SHA512
a7c1526e5ea838ae9003a8b108216cddd01ce7c6afa0fe17c6968912637e76d3542fe92329e39354ea7a2f148a47c09636a65326351b3db1bd5dca3fc6744147

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe

Filesize
468KB

MD5
a053c5d7c1c4bb0987eb3c85622d1816

SHA1
83dcebc70f46909aef2def0f5a59c7832c198fae

SHA256
b697ed2ecbe6b4446a1da00c42aa285564458ec563326f97248b2086b2cbb6db

SHA512
8cea8cc9bf28fec8823885c6f50e1e0fd5de95d4fd5bea11d64add880beaae1f6eeb7d7dfc331eaca4e5952a696c0b18f00f63397f4e9612f582ea39895c9c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe

Filesize
468KB

MD5
a500d0ab764582ac28e39b7b2e33e565

SHA1
9a20063d56ecb7cccef48378d23849c4bba20b9d

SHA256
cf1b955c2f516a357fc1b79fb7594996866e6846158faf69cb375dbd8a589d77

SHA512
4dbc801d0528fce72255cf2c252890896c9f1bf34190dc9a0031c24405346458e21ff4c4050c311dcd65911c176d68a093a6ccc1442716b18dc40f6e0d2172b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe

Filesize
468KB

MD5
93a73ffd5adcfb9fc294f76985607c55

SHA1
9c72eb37d666a61aed80a34a6e3c365eb6d5b704

SHA256
a78dfed706351a6b31f12dde6b70af301929139ef06941320b2cb497ba34fa62

SHA512
fd48fd6a39c6422ab228f91e08b6dfbc5bd081655e9d1c29f48b6c731b4012ba9ca911ab8d3dfdae38252c869ff993b6616a0ab8067f49fd0643833be2b5ab70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe

Filesize
468KB

MD5
fd09efc0d41a58b8b3ef3d0c5b60a5e8

SHA1
332d2fa20f1f590e809d046b80fc4c6e77a12209

SHA256
9e79adee39e049d82695f0cc066461fd597ca04183767526f633a912feedd349

SHA512
c9cea90794e812834c757c40971157107e125fc3cbb23ec50d14ebb88985deb112c160029804b09989cf72d68bc7e511dc40ba1e7a639de4744aef920a4ffce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe

Filesize
468KB

MD5
2ff64ceda9eb06dd3d129f7b480daf9f

SHA1
efdfeb3e0d2cdbbbabb1e55fb6933c2cf042fea6

SHA256
8ad21642924809331ea720d5ad3663611d0f2801aafe33b89dbd1e33a33270c6

SHA512
9c65efc8467a24ba6248ef2d4b7c5bcd62ce625e1978b10bd965c1240416fa794d9f751cc642091cff3eec1c55a70cca2a34e1e2d72b90cdca8a172937f37883

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe

Filesize
468KB

MD5
777c03ce3d9b25fc50bda0c25ccfd029

SHA1
6911066ce2925c8e544fadb56f3afab0409d20f8

SHA256
db1a90b0a7a2306ad4a4db1c78129d2888c9d0c9f5e7987c6c86d9beda63e736

SHA512
8fb66c26e70a82dcbca36b2dd76ba06157671ca412e84ea6c82e300c710973b7b7d8a244b54c93f612d1089991771aa1bdc6d7da7779583717fdcfbe03e97fe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe

Filesize
468KB

MD5
9b8c11da2c8a2df86cd46fc99592d703

SHA1
89e69c38d9371b222691a83e78dcf72380c35a30

SHA256
eaed1f3591320d03ebf67a92052271768c97376bfbc95cda4f25290ad5cdfa2d

SHA512
ce474974c3531e940f4f208b81a37c70d5b272edd7f9fc88149c0e01d033a81da5af5c848d2ec5f1f5cc1d47ab955e7fbbfc524b6e6d715d5913b51792e6f26f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe

Filesize
468KB

MD5
ca6c11a0521565e5b241085a0cf239fa

SHA1
4a641695113c32d88f4f094a21c1b459a2f4aaa2

SHA256
6fabaf6fb2a76deee997ca9052ef847c0d7539fae91c0ffee25d601a8d0658b9

SHA512
e70f74191bff0d5eec9e943c3c1c1e0268fe35ee9808bef7668a816540980239d0ac1c1483a24d8fe571def3a1cb1ff1f122bd2d26e23fd5372c8b4898171af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe

Filesize
468KB

MD5
6570778072111d8f238684e689cb9372

SHA1
37a2cb7b71f10e04a5498863519f482b26a010f8

SHA256
a6ed184d5ed2e1039a858e3a1ffea0e352829f042a651d786b17e3202a922607

SHA512
5e3fad61636fd6023f6475a6590902b344b68745d1f85181bf5fb867a57fa971d8a56961d6c4993fa08c1228c328c785468557d7d4a9e3f59c62e42cd5bfb172

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe

Filesize
468KB

MD5
fcb7b886368381c039ba2b8fed2b6d1f

SHA1
7b0e4d02e514d2887ec9d136f1fef2f5736f7e2a

SHA256
ec430b02d03a32c5fc1ecfea3c35e324139a9a63713a5dc967f2c0ff2007d7eb

SHA512
41db862e510650910d68b9050ae5d8ccdb0222d6dfcd44d1c13f34a071df25c74d72b2f7d325b115b3f1ea5e54c99fb21b8a3d78745007b216fc1536bcb894dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe

Filesize
468KB

MD5
e65aeeab458f15a0260afe7c91f7b08b

SHA1
a0490055aed4f7b388460985ef6171c9c2fb967e

SHA256
3c13f8f98bd789ab5b62d08ee75dcf9edc214c4ce30ffbd46d4c48a02534c04e

SHA512
7c3c46881e0aa6f42a916d27b55543dbc3dfd8f68b46de9320f275a2cdf1b1e470e59cdf344a2e12002687127fb44dfa96a354a35a03e8e6c36a0e90a1629245

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe

Filesize
468KB

MD5
e0e242e25c2d0f57d4244c53c02a2dd2

SHA1
12c1800aef270666fb4af0440e6819751a3ff289

SHA256
4aa5bf7d888f5713142203d284bcb5e8b14cca8dfb7a655fcb285b370496e91d

SHA512
fbf83a6efab788372912e0c51b4d28bb75c15e9aeac59990b3bca6d9534fe59d49a8dc2f7f8af6a66d2f7974b3ef162f229c3ca7742f359a826667350816c687

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe

Filesize
468KB

MD5
ec4e9f8ffa3bc05d5d98de008d51de31

SHA1
f3c8bb3e73931878332653a458a214b42d31b3ef

SHA256
0aa4b817b8f011937b326a4c8fa7f40c42ace38f7a6e2b40aa2334264f4e187e

SHA512
a3ac2a1e508760c8914f396d862e078f1374f853cfe4c47196586c8c78b45cba6f9a8cd8a1ce27543bb7b5d90c94d9f1824935c66364b8d11f5fe4993d607f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe

Filesize
468KB

MD5
d96204ebe490bcdd01621d4a9181a2ca

SHA1
9d8ed05989f2ba3f694976a41d5e826f867de311

SHA256
2a03ee0f6fc020f899d6e79edc0f665201bd5db8eaac31c51dbcc629c78296f0

SHA512
42d63534d616525b411b6fb1ed2a978ef7f40b0b8315c4893fc87a079ad19203c72fa58f43a6ef0d87f81c634b30294433e3f79e3c210ef1707caf864dd18007

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe

Filesize
468KB

MD5
4f88d5ca73ab3da59b856bfcc190afb0

SHA1
bd0f1d53a3352d1296835240ee42c5414a6312f0

SHA256
cf50efcf1f90c2342d27c587801853f437b5d87b3c06fb08b4323df55013aab0

SHA512
76dde0a0a7fbbfbc7c42ced1d24ffbc9f73fc528914fc6adbad883701e821d956316f58bccefd28fa8ad4f6e3d15d48e847d580aaa8a2a16554a60ceda69054b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe

Filesize
468KB

MD5
152523e0dcbc2e29fcc89826fe153405

SHA1
1db83c6f25f516785159bd68d7ccaae44db1fec4

SHA256
617c0f6fef10b9783c72b38d45cfb1de7f601de8c44c58e31a93a0206a57ade9

SHA512
a58b422f364d4df5e56877eed3c645893063a57adc9477633050562e2786f4300da9e85e68341298be33a9e19a99a3e73d5df137883efdeec3d5b1132f02f98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe

Filesize
468KB

MD5
17fa114809c732e1a098117f7fada8ad

SHA1
a277a6ac6c24ed537d685f9d48baa28e08bef31f

SHA256
508d648e7333c94a18d3fe6dcbe739934fbbae32bfb13a641dccc73d38689bc2

SHA512
d9a53219eb0bf2a78047382d51dcced6a081701b7cdf0e33de3adcbee171b0abe7ece61ac5466e42184c6ddf853fcf4b841cb5e5213617ce6b76a66963607c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe

Filesize
468KB

MD5
95e030899cd291a2fb6a9664dee9b22a

SHA1
91e44acf54e70847d0770d609afd31661e2e8b43

SHA256
4a6801fae8f421a12ddd6ff4c637cf11c3a494cdb6f2db362f78e0f92c3d90e8

SHA512
2775a6ad2a3fff704e8055b14eea797e8a0939add4311a2e4b3667907d1e0d0d299620768d68c1bebebc9103ed4ef5c88111c514e2757f7beed75dfc38e44b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe

Filesize
468KB

MD5
655068ab3d1506db3509cfb5882a7992

SHA1
8b1b4f4ddef1a90e9ac14e8627d3698e2d2f28da

SHA256
b5ffa14327a14f0cd0028f0eb1d67b9e6355047b29363f5ab1d66eae0f95adb3

SHA512
5474c3f15e45cbc436923a8bf5118431595ea4bd05284db59a74832b968bb31c871e5ff6b6e4af516c1a31879cc72f7fc19cbdeeeddc8aa87e348d1c141855c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe

Filesize
468KB

MD5
823088111a379e61cba6f09d7a39cd59

SHA1
84714aaae69ac7af48dadee0365d1cb312f7ea85

SHA256
48fa7c6ab0108c73999b77d772b842b25d2ecacbc8ace66de3567fc94abd4479

SHA512
19a71ad1c5db8d658436606f7d505c9ab44fea1682b9dc5bd08546e98cf499a98853b8879c297729e7b8014944419237554fbf4e87f52641f99e7b0f5f09d520

Download Submit
memory/3440-2616-0x0000000075160000-0x000000007516F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads