99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362

Analysis

max time kernel
119s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe
Size

468KB
MD5

38042c2c2c9ee9a405251cbd71ac24d0
SHA1

f61db3616b8e8edb819e66fa3b0dce54c1538ed5
SHA256

99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362
SHA512

d698abf513ed8da0f68587529d87a7b3685f7f2ce20c9aa24fe3ac9a89c371721cf2dd5ca55d3c7afbef020022b85ca9d90809740d58ba3117eaaa9c2a38c146
SSDEEP

3072:4be+ogxaId57tbYZPzcfmbfD/n2DnbIH/QmyeQVqAu5KkkiOBGulY:4b/oCb7tCP4fmbf8a1wu5D7OBG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2196	Unicorn-4888.exe
3728	Unicorn-43949.exe
872	Unicorn-48588.exe
1988	Unicorn-22494.exe
2976	Unicorn-22494.exe
2760	Unicorn-36784.exe
1296	Unicorn-23048.exe
2368	Unicorn-38394.exe
3440	Unicorn-56768.exe
5052	Unicorn-13697.exe
4796	Unicorn-9613.exe
4664	Unicorn-5264.exe
3204	Unicorn-10168.exe
5064	Unicorn-53505.exe
4548	Unicorn-22123.exe
1272	Unicorn-28062.exe
3144	Unicorn-28616.exe
4564	Unicorn-23786.exe
1312	Unicorn-39857.exe
2300	Unicorn-53874.exe
436	Unicorn-53874.exe
888	Unicorn-49790.exe
3780	Unicorn-64080.exe
2424	Unicorn-50345.exe
2732	Unicorn-46261.exe
3172	Unicorn-589.exe
1724	Unicorn-49028.exe
4544	Unicorn-1741.exe
3016	Unicorn-1741.exe
3636	Unicorn-57064.exe
4160	Unicorn-9644.exe
4428	Unicorn-5633.exe
1812	Unicorn-2104.exe
2264	Unicorn-17886.exe
5104	Unicorn-3587.exe
4976	Unicorn-48010.exe
4556	Unicorn-44481.exe
4524	Unicorn-22930.exe
4648	Unicorn-42588.exe
3384	Unicorn-34990.exe
2228	Unicorn-31480.exe
2160	Unicorn-48778.exe
2820	Unicorn-7745.exe
4584	Unicorn-7745.exe
1576	Unicorn-7745.exe
1680	Unicorn-19998.exe
2800	Unicorn-61585.exe
1344	Unicorn-12384.exe
2292	Unicorn-31985.exe
4644	Unicorn-26119.exe
2892	Unicorn-12384.exe
3464	Unicorn-22035.exe
3532	Unicorn-12384.exe
1912	Unicorn-9089.exe
2100	Unicorn-21342.exe
5080	Unicorn-58098.exe
5108	Unicorn-54014.exe
3724	Unicorn-58098.exe
4164	Unicorn-4813.exe
4044	Unicorn-25234.exe
468	Unicorn-8135.exe
3476	Unicorn-62737.exe
3512	Unicorn-12716.exe
1160	Unicorn-58653.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6228	5508	WerFault.exe	174

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24613.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15792	dwm.exe
Token: SeChangeNotifyPrivilege	15792	dwm.exe
Token: 33	15792	dwm.exe
Token: SeIncBasePriorityPrivilege	15792	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe
2196	Unicorn-4888.exe
872	Unicorn-48588.exe
3728	Unicorn-43949.exe
1296	Unicorn-23048.exe
2760	Unicorn-36784.exe
2976	Unicorn-22494.exe
1988	Unicorn-22494.exe
2368	Unicorn-38394.exe
3440	Unicorn-56768.exe
4796	Unicorn-9613.exe
5052	Unicorn-13697.exe
4664	Unicorn-5264.exe
3204	Unicorn-10168.exe
5064	Unicorn-53505.exe
4548	Unicorn-22123.exe
1272	Unicorn-28062.exe
3144	Unicorn-28616.exe
4564	Unicorn-23786.exe
1724	Unicorn-49028.exe
2300	Unicorn-53874.exe
1312	Unicorn-39857.exe
436	Unicorn-53874.exe
888	Unicorn-49790.exe
3780	Unicorn-64080.exe
2424	Unicorn-50345.exe
2732	Unicorn-46261.exe
3172	Unicorn-589.exe
4544	Unicorn-1741.exe
3016	Unicorn-1741.exe
3636	Unicorn-57064.exe
4160	Unicorn-9644.exe
4428	Unicorn-5633.exe
5104	Unicorn-3587.exe
1812	Unicorn-2104.exe
2264	Unicorn-17886.exe
4976	Unicorn-48010.exe
4556	Unicorn-44481.exe
4524	Unicorn-22930.exe
4648	Unicorn-42588.exe
3384	Unicorn-34990.exe
2228	Unicorn-31480.exe
2160	Unicorn-48778.exe
2820	Unicorn-7745.exe
4584	Unicorn-7745.exe
1576	Unicorn-7745.exe
2292	Unicorn-31985.exe
3532	Unicorn-12384.exe
1680	Unicorn-19998.exe
3464	Unicorn-22035.exe
1344	Unicorn-12384.exe
2800	Unicorn-61585.exe
4644	Unicorn-26119.exe
2892	Unicorn-12384.exe
1912	Unicorn-9089.exe
2100	Unicorn-21342.exe
5080	Unicorn-58098.exe
5108	Unicorn-54014.exe
3724	Unicorn-58098.exe
4164	Unicorn-4813.exe
3512	Unicorn-12716.exe
1160	Unicorn-58653.exe
4044	Unicorn-25234.exe
3208	Unicorn-58653.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 2196	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	93
PID 740 wrote to memory of 2196	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	93
PID 740 wrote to memory of 2196	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	93
PID 2196 wrote to memory of 3728	2196	Unicorn-4888.exe	95
PID 2196 wrote to memory of 3728	2196	Unicorn-4888.exe	95
PID 2196 wrote to memory of 3728	2196	Unicorn-4888.exe	95
PID 740 wrote to memory of 872	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	96
PID 740 wrote to memory of 872	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	96
PID 740 wrote to memory of 872	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	96
PID 3728 wrote to memory of 1988	3728	Unicorn-43949.exe	99
PID 872 wrote to memory of 2976	872	Unicorn-48588.exe	98
PID 3728 wrote to memory of 1988	3728	Unicorn-43949.exe	99
PID 3728 wrote to memory of 1988	3728	Unicorn-43949.exe	99
PID 872 wrote to memory of 2976	872	Unicorn-48588.exe	98
PID 872 wrote to memory of 2976	872	Unicorn-48588.exe	98
PID 740 wrote to memory of 2760	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	100
PID 740 wrote to memory of 2760	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	100
PID 740 wrote to memory of 2760	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	100
PID 2196 wrote to memory of 1296	2196	Unicorn-4888.exe	101
PID 2196 wrote to memory of 1296	2196	Unicorn-4888.exe	101
PID 2196 wrote to memory of 1296	2196	Unicorn-4888.exe	101
PID 1296 wrote to memory of 2368	1296	Unicorn-23048.exe	103
PID 1296 wrote to memory of 2368	1296	Unicorn-23048.exe	103
PID 1296 wrote to memory of 2368	1296	Unicorn-23048.exe	103
PID 2196 wrote to memory of 3440	2196	Unicorn-4888.exe	104
PID 2196 wrote to memory of 3440	2196	Unicorn-4888.exe	104
PID 2196 wrote to memory of 3440	2196	Unicorn-4888.exe	104
PID 2760 wrote to memory of 5052	2760	Unicorn-36784.exe	105
PID 2760 wrote to memory of 5052	2760	Unicorn-36784.exe	105
PID 2760 wrote to memory of 5052	2760	Unicorn-36784.exe	105
PID 2976 wrote to memory of 4796	2976	Unicorn-22494.exe	106
PID 2976 wrote to memory of 4796	2976	Unicorn-22494.exe	106
PID 2976 wrote to memory of 4796	2976	Unicorn-22494.exe	106
PID 740 wrote to memory of 4664	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	107
PID 740 wrote to memory of 4664	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	107
PID 740 wrote to memory of 4664	740	99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe	107
PID 3728 wrote to memory of 3204	3728	Unicorn-43949.exe	108
PID 3728 wrote to memory of 3204	3728	Unicorn-43949.exe	108
PID 3728 wrote to memory of 3204	3728	Unicorn-43949.exe	108
PID 1988 wrote to memory of 5064	1988	Unicorn-22494.exe	109
PID 1988 wrote to memory of 5064	1988	Unicorn-22494.exe	109
PID 1988 wrote to memory of 5064	1988	Unicorn-22494.exe	109
PID 872 wrote to memory of 4548	872	Unicorn-48588.exe	110
PID 872 wrote to memory of 4548	872	Unicorn-48588.exe	110
PID 872 wrote to memory of 4548	872	Unicorn-48588.exe	110
PID 2368 wrote to memory of 1272	2368	Unicorn-38394.exe	111
PID 2368 wrote to memory of 1272	2368	Unicorn-38394.exe	111
PID 2368 wrote to memory of 1272	2368	Unicorn-38394.exe	111
PID 1296 wrote to memory of 3144	1296	Unicorn-23048.exe	112
PID 1296 wrote to memory of 3144	1296	Unicorn-23048.exe	112
PID 1296 wrote to memory of 3144	1296	Unicorn-23048.exe	112
PID 3440 wrote to memory of 4564	3440	Unicorn-56768.exe	113
PID 3440 wrote to memory of 4564	3440	Unicorn-56768.exe	113
PID 3440 wrote to memory of 4564	3440	Unicorn-56768.exe	113
PID 2196 wrote to memory of 1312	2196	Unicorn-4888.exe	114
PID 2196 wrote to memory of 1312	2196	Unicorn-4888.exe	114
PID 2196 wrote to memory of 1312	2196	Unicorn-4888.exe	114
PID 4796 wrote to memory of 436	4796	Unicorn-9613.exe	115
PID 3204 wrote to memory of 2300	3204	Unicorn-10168.exe	116
PID 4796 wrote to memory of 436	4796	Unicorn-9613.exe	115
PID 4796 wrote to memory of 436	4796	Unicorn-9613.exe	115
PID 3204 wrote to memory of 2300	3204	Unicorn-10168.exe	116
PID 3204 wrote to memory of 2300	3204	Unicorn-10168.exe	116
PID 5052 wrote to memory of 888	5052	Unicorn-13697.exe	117

C:\Users\Admin\AppData\Local\Temp\99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe
"C:\Users\Admin\AppData\Local\Temp\99094b1bb239331a4dbbbe5a09df42292b0f16af0d36944aa3e3fc3d0b5d1362N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        10⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        10⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        9⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        9⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        9⤵
        
        PID:17612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        8⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        8⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        9⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        10⤵
        
        PID:18696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        9⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        9⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54542.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        8⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        8⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
        8⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        7⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        8⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        7⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        8⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        8⤵
        
        PID:18716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2888.exe
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        7⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        7⤵
        
        PID:18772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
        6⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        7⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        7⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        8⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        9⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        9⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22540.exe
        8⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
        9⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39539.exe
        9⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        8⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        8⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20414.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
        8⤵
        
        PID:17592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
        7⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:19384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        6⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        7⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        7⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        6⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        7⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        6⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        7⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        7⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
        6⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        6⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        5⤵
        
        PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        9⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        10⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
        10⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        9⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        9⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        9⤵
        
        PID:18736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        9⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        8⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        8⤵
        
        PID:17784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50901.exe
        8⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        8⤵
        
        PID:18272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        7⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        7⤵
        
        PID:19292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        8⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        9⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        8⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        8⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
        7⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        7⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        7⤵
        
        PID:19280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34584.exe
        6⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
        9⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        9⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        8⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
        8⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
        8⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        7⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        7⤵
        
        PID:19260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        7⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        6⤵
        
        PID:19396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        8⤵
        
        PID:17968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        7⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        7⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        6⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        7⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20146.exe
        6⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        5⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        5⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        5⤵
        
        PID:16096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        7⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
        7⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        7⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        7⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        6⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        6⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        5⤵
        
        PID:5508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 720
        6⤵
        Program crash
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        6⤵
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        5⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
        5⤵
        
        PID:18912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53402.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        8⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        8⤵
        
        PID:17912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        6⤵
        
        PID:18284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        5⤵
        
        PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        6⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        5⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        6⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        5⤵
        
        PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
      4⤵
      PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        5⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        5⤵
        
        PID:19224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
      4⤵
      PID:15244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        9⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        9⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58843.exe
        9⤵
        
        PID:18796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        8⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        8⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27035.exe
        7⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        7⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59780.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        7⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        8⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        7⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        7⤵
        
        PID:18728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
        6⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        8⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        8⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
        7⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
        7⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        6⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        8⤵
        
        PID:19348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55457.exe
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        7⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        6⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        6⤵
        
        PID:18468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        8⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        7⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
        6⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        7⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        6⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        5⤵
        
        PID:13828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        9⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        9⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        8⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        7⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        7⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        7⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
        6⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        7⤵
        
        PID:17944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        6⤵
        
        PID:18260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
        8⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        7⤵
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        6⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30847.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        5⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        6⤵
        
        PID:13528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        6⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        5⤵
        
        PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        8⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65315.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        7⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        7⤵
        
        PID:18880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        7⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        7⤵
        
        PID:19248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        5⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        7⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
      4⤵
      PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        7⤵
        
        PID:19268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        6⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        5⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        6⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        5⤵
        
        PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
      4⤵
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        5⤵
        
        PID:15940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        5⤵
        
        PID:18116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      4⤵
      PID:16212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        7⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        7⤵
        
        PID:18444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        8⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
        7⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        6⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        7⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        6⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        8⤵
        
        PID:19164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        7⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        6⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        6⤵
        
        PID:18892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        7⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        7⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        7⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        6⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        6⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        5⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35160.exe
        5⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
      4⤵
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        7⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        7⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        7⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
        6⤵
        
        PID:16740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
        6⤵
        
        PID:18904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        5⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        6⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        6⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        5⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        5⤵
        
        PID:17844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        5⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64028.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33179.exe
      4⤵
      PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43380.exe
        5⤵
        
        PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
      4⤵
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        5⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        8⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        8⤵
        
        PID:17888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        7⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        6⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        7⤵
        
        PID:18088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        6⤵
        
        PID:13944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        5⤵
        
        PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        7⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        5⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        6⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        5⤵
        
        PID:18596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        5⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        6⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        5⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        5⤵
        
        PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47237.exe
      4⤵
      PID:9436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
      4⤵
      PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
      4⤵
      PID:8028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        7⤵
        
        PID:17936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        6⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
        5⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        6⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
        5⤵
        
        PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        5⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
        5⤵
        
        PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
      4⤵
      PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
      4⤵
      PID:13604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
    3⤵
    PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        5⤵
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
      4⤵
      PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
      4⤵
      PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
      4⤵
      PID:17580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
    3⤵
    PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
      4⤵
      PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
      4⤵
      PID:7624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
    3⤵
    PID:9016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
    3⤵
    PID:13928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8404.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        9⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        9⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        8⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        8⤵
        
        PID:17440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        7⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        7⤵
        
        PID:19340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        8⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        7⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
        7⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
        6⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11544.exe
        8⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        7⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39312.exe
        7⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        6⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        6⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        8⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        7⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exe
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
        6⤵
        
        PID:19360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        5⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        5⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
        5⤵
        
        PID:19408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        8⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        8⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        7⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12732.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        6⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
        7⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        6⤵
        
        PID:15872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        6⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        6⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49282.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
        6⤵
        
        PID:18200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        5⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        5⤵
        
        PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        7⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        7⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        6⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        5⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        6⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        5⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        5⤵
        
        PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
      4⤵
      PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        5⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        5⤵
        
        PID:18872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
      4⤵
      PID:16232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        6⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        8⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        7⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        7⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20080.exe
        5⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        7⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17688.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        6⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        6⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        5⤵
        
        PID:18748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
      4⤵
      Executes dropped EXE
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54542.exe
        7⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        
        PID:18320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        5⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        6⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        5⤵
        
        PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        5⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        5⤵
        
        PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
      4⤵
      PID:16108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        7⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        7⤵
        
        PID:18848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        6⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
        6⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        6⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38423.exe
        6⤵
        
        PID:18784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        5⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        5⤵
        
        PID:19372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
      4⤵
      PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        5⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        5⤵
        
        PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9956.exe
      4⤵
      PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
      4⤵
      PID:5424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
    3⤵
    - Executes dropped EXE
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
      4⤵
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        6⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        5⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        5⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
      4⤵
      PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
        5⤵
        
        PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
      4⤵
      PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
      4⤵
      PID:17668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
    3⤵
    PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
      4⤵
      PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
        5⤵
        
        PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
      4⤵
      PID:5496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
    3⤵
    PID:8888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
    3⤵
    PID:12972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        7⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        7⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        6⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        6⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-273.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        6⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        5⤵
        
        PID:16116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25810.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        7⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53572.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        6⤵
        
        PID:18836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        6⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
        5⤵
        
        PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
      4⤵
      PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
        5⤵
        
        PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
      4⤵
      PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
      4⤵
      PID:7840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        6⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        6⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        5⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65315.exe
        6⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        7⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        7⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
        5⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        5⤵
        
        PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
      4⤵
      PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        5⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        5⤵
        
        PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
      4⤵
      PID:10616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
      4⤵
      PID:17000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
      4⤵
      PID:9248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26119.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        6⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        7⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        6⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        5⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        5⤵
        
        PID:18860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        5⤵
        
        PID:17644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
      4⤵
      PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
    3⤵
    PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
      4⤵
      PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17902.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
        5⤵
        
        PID:15352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
      4⤵
      PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
      4⤵
      PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
    3⤵
    PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
      4⤵
      PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
      4⤵
      PID:18824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
    3⤵
    PID:10496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
    3⤵
    PID:16224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        8⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        7⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        7⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        6⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40555.exe
        5⤵
        
        PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        6⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        7⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        7⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46103.exe
        6⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        5⤵
        
        PID:17488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        5⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        5⤵
        
        PID:18452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
      4⤵
      PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
      4⤵
      PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
      4⤵
      PID:19236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        6⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        5⤵
        
        PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
      4⤵
      PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        5⤵
        
        PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
      4⤵
      PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41408.exe
    3⤵
    PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1178.exe
        5⤵
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
      4⤵
      PID:18460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
      4⤵
      PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
      4⤵
      PID:17508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
    3⤵
    PID:10132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21616.exe
    3⤵
    PID:13724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        7⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        6⤵
        
        PID:720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        5⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
      4⤵
      PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
        5⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        5⤵
        
        PID:19172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
    3⤵
    PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        5⤵
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
      4⤵
      PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
      4⤵
      PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
      4⤵
      PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
    3⤵
    PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
      4⤵
      PID:18424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
    3⤵
    PID:10524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
    3⤵
    PID:15280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
    3⤵
    PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        5⤵
        
        PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
      4⤵
      PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
    3⤵
    PID:8000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        5⤵
        
        PID:17892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
      4⤵
      PID:14028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
      4⤵
      PID:17428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
    3⤵
    PID:9904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
    3⤵
    PID:16240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
    3⤵
    PID:8244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exe
  2⤵
  PID:5524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
      4⤵
      PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
        5⤵
        
        PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
      4⤵
      PID:812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
    3⤵
    PID:9044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
    3⤵
    PID:14468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
  2⤵
  PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
    3⤵
    PID:13148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
    3⤵
    PID:19312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
  2⤵
  PID:7904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
  2⤵
  PID:15260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5508 -ip 5508
1⤵
PID:6824

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe

Filesize
468KB

MD5
1c572c08693833d1aefdcacfab232232

SHA1
5f2a8aa5cbf1298da4b2353bd65722f822beb46b

SHA256
f4c21868ec5805349237da1c3953d32ffacd8b03e4f5de40730ef298c71cc332

SHA512
a0d4b81f6181e559102918bc0ceb73a78211c619a8aff35fba453f9030f3c0f2934eee83f1328c5a2d2d8468aedb02ff032e56bb3fc512ca94da3739993875a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe

Filesize
468KB

MD5
bd0f8cdc1d607d3a86a1fdcfea13f85e

SHA1
1d5a03f00126616a6d76edc34858cb3516815034

SHA256
025aad322a26111bed6110a407aa68090e2b046abadbec6cbce14137358c57e4

SHA512
d2ef2c3cc1c75d7bdc935abda2d9da6224e9a40d42f0c67e2dde600f1a0dd3cd83f5f871885785cfef7b4a9da9d8febb7567fa586b708327e841ba2895f79a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe

Filesize
468KB

MD5
2fb767a9b8715a814a6c5a194ec761d7

SHA1
58da84fb4390f945051b1fbf3aecaae2692d1919

SHA256
d6ccd08fe79cf74491e2fc0fa76d56d2ad8154688ff5bf47e692cd80f872bd1f

SHA512
4b73cc7cecbf2a2f96bd6baa9db8b8816ea8416d2c34d7001313026beb454929ffcd30825e6937e28c3cd970ffa1b7b0fe053e56173554952054a775cf0ebb94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe

Filesize
468KB

MD5
798c9a717c4a752b34f068c01b74418b

SHA1
0f58c1a1755674470656d96dccaedd9974c9a819

SHA256
4e43b751d4e398ee0438a566dd01e09ec87bb34c7a9b7ffbb5b606adc30d231e

SHA512
f4fabe99eb990d650e9fb9200ce09f82d4bc8bc29d92a321414f0ad7446eed5334b5ba4442dc361a0a40feca3a08868c4d64b138c67fa1350a9c3c62fe0aec2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe

Filesize
468KB

MD5
31669e66f8bf1c59837158ecb840e8c4

SHA1
1ac13f85b0acc84fe4865dbbcde13732f608d53f

SHA256
b90cfd8903b624f50bc52699a822b846c00bec0e810c1aa314f7d5e8654844be

SHA512
57c276e0f6d3a6c5020facc2dde0bab5c4ecd728a730323e4ea7d10be1e0e03219ff99701cfbded51db1a10f93ea9ecb6ab02ded1e96a9bdb0badff232235b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe

Filesize
468KB

MD5
6c9948db9614690cacd4548a73ed3485

SHA1
84f12ff51b557ed3d28406b8039f43db1f8778d9

SHA256
80124a311472847f794a406e3601534eaee74d2711b490ebc8774b93aaaf6e97

SHA512
37e7aa21745c99d2c28b4e4da148eb628929de78df6edb720eb85e0ed7ce770e023bc2b1fc3db37e1fc98a72328966d2638a7ec66f8fea560f993fcf76b314aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe

Filesize
468KB

MD5
ae16deee5b7813afdbf7c997d3f909aa

SHA1
a6044f0a4333e986ff5a05cd836060166e0934a7

SHA256
37af92dc647eab973185e8450ce7867b9611a3593595a28c79aa53312a57a4f5

SHA512
21af59ef20ff88fed40cbe063e82c13431e75cf53434a212f9001a692237e5fc07b8e8be0ed8f2905d327e1f3e92a89d4e09c5338f39a90f3f2ebfe3339590f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe

Filesize
468KB

MD5
bb0802145cc6d4266e637f547f1dbdb5

SHA1
cf3dc64129331b0b07e3e9f6225f8b3c5099e207

SHA256
c673def524628a8d27d4da54858bacb0073744aac946a16c695772ea46c29bc3

SHA512
34295cf028bff00a4304b9b7bdf9769aa876a776089bc01c32bb28e4a6c39a636bd8122d563ab2e2625e7c37ac67691a6ddee069e13374d9a33d6a426e1fe000

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe

Filesize
468KB

MD5
42c1de1078b4d3269a63bae815a1c51e

SHA1
e629f989ae54462bfb2461535edb8d8c2e25945e

SHA256
901d82c702c6534f40824976d7bc249de3c448eb30ec8e0ac77dc070c03ed506

SHA512
88f75c1c508f37eca81fc802fb6230a71b6d04781330bd867f5b773345cd2652ed1ecd7af3997397d64cbd01049d929f216c7d8da1f8d9c48bcee4e8bb8868e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28062.exe

Filesize
468KB

MD5
79c387805de867510f8bc494f4d487c3

SHA1
fe72df8a8a6192db3c475ed730b21d8ee68a7af7

SHA256
0b142bc8d501ac2698eff912a09c632f46ed100ed2c70ebefadd84ec4ab29231

SHA512
565327e982eaa3719c2a14185095fd4602e955d2641bf5e9b23227150c21b230022b3194eb6c06ecb4bd9ec24181e4e43ea6de6dd462dedf6c1adbdf63a39510

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe

Filesize
468KB

MD5
5152b984910b8ccaca69aef392fdbe3e

SHA1
43e7ef264beac47f24757fdcc8ce29c6518c698e

SHA256
15f4cbcf58485551d0e52876761e8298a2a213191cd208f48ac92220b507116c

SHA512
ef6a90a54cadbb6c0036404292b23003950b8fc956e9f588559edbd904a0b82fc64b1c7a9577e731c6e6c2b8d565ff1c03c2e62d99eb8b2aa40650af66fe2304

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe

Filesize
468KB

MD5
a19831bf2653b220eb0c92a0f38a20a9

SHA1
ccdb371fd664b0abf8542f39df8c5524a3436016

SHA256
6a4eb71688cd94a2f313849782b61eaec1316fe93c9561377ab1559e2cad5b7a

SHA512
16bd2c8a9bf813354f5aecfeb69ada87e6f6eb5b995e8fade37c904cbb58d311b04c8c7b14750f1fc60ddab7eae2492b9e76d7c6c87dbe7f8d4cfb9a68d75461

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe

Filesize
468KB

MD5
8568bf09abce2e703468c8b64aa3150b

SHA1
d785d27aded9d6cbd4a42ca364da056a038f2329

SHA256
2605df40baf68f7bb9f8f58b9645e8ee0c9416aab7ece5eedd36be2e7d668580

SHA512
b6f608233b24d0db4eacaa6baf7cc66a6ddc500c311a4ed15f1b24bc1117ddd61a53d921ee9c484995921c6b3e65efc4300f8256a94f1c18286f64d4cc988565

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe

Filesize
468KB

MD5
a55d8abe36a4213ee44f9b4a128edad5

SHA1
de809fca0ce18fe202a0f9690ff0f7cc9f9a952d

SHA256
309d5881da56963fd5a8d9776af33322f50040eb949d4498bd006b58c57f78b7

SHA512
a9164687da210b800a103401fe5fec579669875be7ea56d0c508e3bf77405d1a0cc32f75ddeb67412ad65941c591c9c5e36226b8ac6eae821a71b89203107d3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe

Filesize
468KB

MD5
651d347b99d935a593722667efb2acc8

SHA1
7fff80639a1025e1022b6b19f6d6b98c55495f90

SHA256
fd83599f2f15ba21e22a18bbd336a815a79cae0b7ad1ada14a8bf2c15334340f

SHA512
a71a70966283d38d674e16f8812034fe9dba7c57a292105a760656ac596b170c36cf1e4941c00d76bf5b9f6a2e5c094adbd3e91ed7ac272668f78762298b637e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe

Filesize
468KB

MD5
32e07714ce944cd03073f2b78594eb65

SHA1
0dcd7fc93a99c24578d8875bbbb4a899d451be43

SHA256
6267087bc10c9a8086e8380e23f7814ab6c886c01f957f90ec0fbff6c2f29666

SHA512
c30326986c462c934a302570652cc0b047125205893d07915359297a81c4631a26eaa130dbe9eedd2c806eb4a71cd8b62e1fd6d5bf0a30c861248ee1bc896e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe

Filesize
468KB

MD5
057413014da3918bef0cb13c4ec51ed3

SHA1
d5ebf8025c4ca1c17608e0457e0b79a0f9c28db3

SHA256
825c4950b136c43e1cca751350e7ce3e4dd6e4890eab6f2c720a20c3a22823b1

SHA512
7c9e9cdc2eb14a409f82a502c2c4fd6eea103516ca3625ea529be0b2133bc70a71be827b2b05c42b3930c840f1df186581f799ad2b175c38c415518dd3ae8387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe

Filesize
468KB

MD5
63326a3966cff5e54386fdff6a9213f6

SHA1
0d3eb505af6da631d94044a5a8ff761328a133e4

SHA256
2037dc113d043f7ab90ae0bc732c66973f100946541e3d407dfc8c30d254a0b0

SHA512
40428918f42790a1c7d0505f922a3cabdfda5fe91ddea61d45f11fb2e473d3a52896f3ced5b32acba0f7b6e03b0343e2b30dd519529a168fa78689a1542e7a80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe

Filesize
468KB

MD5
5df39ba1b5efbb61e927d309a0669d79

SHA1
32986e8a5e646091589e208f418654bb175a6414

SHA256
a4434bda5109e7a0fc81e236b69c958aa445430771e7619c316df9c2b68550b5

SHA512
6c24249e1e670fe9445ab9444d562bfe13745863cba0cf658a3a469542f7643e6ff3bc53eaad9351980cbbcd27b8682bd71784976d59cdc28faac7d41c0043fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe

Filesize
468KB

MD5
4c161053d039c09342ab5e1b646541ab

SHA1
416f723446bdd287523bf89fd197f0a734ed540e

SHA256
52a5df73aebdfd6b73047406acccf7089b47005d2b5ec17a83a4922d873355ed

SHA512
ca7d03c387580994c145b4becb22bc5cd7d524e507808faaaec2210813eecacd4dcc9ecd3c40a60044f214e39a0ec740b32dd0a59d32076e03b8e3cbb246efe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe

Filesize
468KB

MD5
febd45c804ceaa5b526878c50131045b

SHA1
1a8cb8cb051e870f7af8679a090f7615dedcf401

SHA256
db967081ff94649b09e6ed464a8bf2eb92e495431e1626a9f05db07d40c2752b

SHA512
6fdebd3b31eb96b5e44d32d384ab24a0a61acef13574f2d06854a2b872920fff597a85533653c4489ee6ab1f706ef38c2ec641efc5156605f9578444099de048

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe

Filesize
468KB

MD5
2a22917866686e864d88c121f29ba912

SHA1
53547409668c112943daa7a4910dd9a026e93cf4

SHA256
32205c286a33976612b577bab8864ac2d7bf21aca3ceb9c0a774abf6f59bb91e

SHA512
6a6c92a30ad02cfed51807bdc5da06c777d9a2b7abf45cd1422067393a7fdae48ec58912140fb01f6a1f22f865c7d5b0c41b0d7877c3fa6219a3ff881f524ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe

Filesize
468KB

MD5
45d2da3575073e56c138420ecc9c08a1

SHA1
06f5c4a8cd1b10fd85f916e1ffc37a33975eb491

SHA256
8bcb4fb4e82875b13c0475f9628c49218d2eb172a318b65a04d53e232cfabc28

SHA512
cd39c582a9abcb3f4737515b39b0b42e6c06678f16c5fd9aef47f176789dbd0ffb7e56e659272fbf695fa2b977caaec39ea0cb640e3ee4b2a890417096583d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe

Filesize
468KB

MD5
b18a824e62cec2b8b830b0a63e0551fb

SHA1
8ee5181b0763dd2c509596c22504724e82764e73

SHA256
d7f4704f2aa83254a03c6ddc38e60eb6fac36f7f1d9f836c39883b6988e83522

SHA512
19c9d5e33620335b6e1579b325e053ead61aeb9a19d1bf5dc1d1a8be23a63e2903b0eab9b306af61b65615c2b0f4d20cf77efe0cb111d17a60bb5908478de463

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe

Filesize
468KB

MD5
ca54f9dd128798fca208780c5348cc84

SHA1
b8db69bbace57ddd07933fa5ff9d018f83458daf

SHA256
d41e87f81c95063fd1b03f21ab4f708ee5e1c3063a4d50fb8f7d72b7ec1042cc

SHA512
031fe35a5a07ab0073e9c1a47c707acda0a7131b7efc7f6f5866d48beb52297069e0b6003fe00c86333c9848b524baf56e57ef22fd4d2138cfa2fc00563dc0ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe

Filesize
468KB

MD5
4a3e34ea94ada4b447416d7b16b24d36

SHA1
8dbfe449738a5440ea645f150eed02bfe72e0744

SHA256
c401294b26cbd068c33f173f28ad138c2c141073f940ff8650ad610b97989f27

SHA512
f72abd8b690e8799614bc7527ea5587900f4540f2754f6fbefe1ff2f932a7710988e051e15f1169227c3948e10103cce5064af1482354dce13e0ee049cc00dfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe

Filesize
468KB

MD5
3cb86874636386ff07f8ae73fcb8d1cf

SHA1
51e20b16e352653852db40ddc6459d1309da1fa5

SHA256
593d8dee3ca219e6790855a09400d5d766f49ea09881d65a965bbb0b6b65551a

SHA512
f200f34d37d434f75c8415488821af2be53f056c71f575ab8f5eb153b4874608c70eb8244f09b89ef100e0177d59c60c61c07e9a50cfd599155ed4378dd2e03c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe

Filesize
468KB

MD5
9653035a99349d3eee608ef426d47b1d

SHA1
438fc98dab3eb77f1ae4413e49a04fabd63335d4

SHA256
856263354a6f322cc2d293df11bc58f928d53578e00c47ebb5b7634494fd96fa

SHA512
86d1c4068b367b40650751f6ec6a9534e63bce2cea204224653ae505209aa5e75228030a19a1f0514b7d0726eaf7c463de74f57eacd93f5116e546f2779b4261

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe

Filesize
468KB

MD5
0e01e927ce786245dc7fe0287195cfde

SHA1
e8a7301dfcea4edcef76f87b210dfc15bdcb20a8

SHA256
0632bfd79706f441fd387a0a05cec52a4a255c7a086dd218d5276e255d48ca8b

SHA512
78617ef69ff831ae417c424d0c299eefcc9f2beea951e3c28a1a5a54cccccd9c51f894fd81aac7d16ab66282054e1e5aae4d9bcdecb6554956f499b2f8ee8ebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe

Filesize
468KB

MD5
241b4f8f2e4e78cbfb3c2140bdd91888

SHA1
37192462d10541c2cf9c46d3abd2cc24410e3cc7

SHA256
41193f98c52fbfceab94dbdbdb5d4fe36097c4f210c0d8171333d8e9c4c16ec3

SHA512
6f707c106afd307cef2710f8e7c13b208b40cf13fca14170d43643db6b220347f63bde93a21d762d05d6669747d6fd6a9b5c23c2f7fa9ad076aae05ec0d6c686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe

Filesize
468KB

MD5
36487e8f766b8dbac73392a005138bb1

SHA1
e7096c4e86b81620a4f3dd90ffc59a54948bd8cf

SHA256
e8e104f26b5571b8b294d0547ebf563f8ff12b13820eb435bf68735847d64441

SHA512
bb107a67e595c6b4ad5cbdbeefe3aa4b22a37e602c942f36a71fb11298ed8a9f191a4f42f02ea0e996a794d95e0158372082caa6e3bf6ac83358a1a3edda1ed3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads