58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c

Analysis

max time kernel
119s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe
Size

468KB
MD5

c900b13e536cc7bfa17b67c2ea94b552
SHA1

f5f22f32e2c835804fd5282240c86219a738041a
SHA256

58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c
SHA512

17f0f2431011ad5e9722149a52268bf56aa2ae51b305786dd59cf4891415501f059bdff23d05fb0f327b087dcf6d100a9c0b56a4f12cfacd39d812076403a2ca
SSDEEP

3072:d8X+oOh+JC8e7aYRPcwvrf8/BCeDZ4pDhdOeZVrAgEiNXvvcgsY1J:d8OoN7e75PpvrfqEVggEufvcgp

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2900	Unicorn-64065.exe
5072	Unicorn-7568.exe
4888	Unicorn-20375.exe
4928	Unicorn-10552.exe
996	Unicorn-47864.exe
2324	Unicorn-50433.exe
3820	Unicorn-44303.exe
5092	Unicorn-53033.exe
3508	Unicorn-303.exe
3032	Unicorn-20169.exe
3268	Unicorn-3832.exe
3740	Unicorn-37273.exe
2828	Unicorn-37008.exe
1608	Unicorn-14614.exe
2240	Unicorn-58248.exe
2992	Unicorn-6528.exe
1712	Unicorn-2807.exe
3464	Unicorn-21905.exe
116	Unicorn-26543.exe
5084	Unicorn-64857.exe
4076	Unicorn-48905.exe
3196	Unicorn-29039.exe
3368	Unicorn-15775.exe
5032	Unicorn-16041.exe
4752	Unicorn-12511.exe
1560	Unicorn-6150.exe
4876	Unicorn-8950.exe
2412	Unicorn-9792.exe
5096	Unicorn-22599.exe
4552	Unicorn-42465.exe
1620	Unicorn-20574.exe
3620	Unicorn-21359.exe
3012	Unicorn-21359.exe
1176	Unicorn-21359.exe
3872	Unicorn-7135.exe
836	Unicorn-64769.exe
3840	Unicorn-64769.exe
1916	Unicorn-56409.exe
3336	Unicorn-28270.exe
1628	Unicorn-14535.exe
4640	Unicorn-21743.exe
4648	Unicorn-3072.exe
3928	Unicorn-27577.exe
2500	Unicorn-26622.exe
1000	Unicorn-29422.exe
2576	Unicorn-19793.exe
1168	Unicorn-29998.exe
2980	Unicorn-11167.exe
4960	Unicorn-60633.exe
2876	Unicorn-60825.exe
3920	Unicorn-27769.exe
2716	Unicorn-10472.exe
1700	Unicorn-39807.exe
2256	Unicorn-23279.exe
4056	Unicorn-17679.exe
3412	Unicorn-28345.exe
1340	Unicorn-19985.exe
832	Unicorn-3767.exe
1828	Unicorn-49704.exe
1924	Unicorn-45095.exe
4212	Unicorn-22999.exe
876	Unicorn-59585.exe
4812	Unicorn-33737.exe
2540	Unicorn-27606.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
8424	6136	WerFault.exe	206
16140	14928	WerFault.exe	725

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43569.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1004	dwm.exe
Token: SeChangeNotifyPrivilege	1004	dwm.exe
Token: 33	1004	dwm.exe
Token: SeIncBasePriorityPrivilege	1004	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe
2900	Unicorn-64065.exe
5072	Unicorn-7568.exe
4888	Unicorn-20375.exe
996	Unicorn-47864.exe
4928	Unicorn-10552.exe
3820	Unicorn-44303.exe
2324	Unicorn-50433.exe
5092	Unicorn-53033.exe
3032	Unicorn-20169.exe
2828	Unicorn-37008.exe
3268	Unicorn-3832.exe
1608	Unicorn-14614.exe
2240	Unicorn-58248.exe
3740	Unicorn-37273.exe
3508	Unicorn-303.exe
2992	Unicorn-6528.exe
1712	Unicorn-2807.exe
3464	Unicorn-21905.exe
116	Unicorn-26543.exe
5084	Unicorn-64857.exe
5032	Unicorn-16041.exe
3196	Unicorn-29039.exe
4752	Unicorn-12511.exe
3368	Unicorn-15775.exe
4076	Unicorn-48905.exe
1560	Unicorn-6150.exe
4876	Unicorn-8950.exe
5096	Unicorn-22599.exe
2412	Unicorn-9792.exe
4552	Unicorn-42465.exe
1620	Unicorn-20574.exe
3620	Unicorn-21359.exe
1176	Unicorn-21359.exe
3012	Unicorn-21359.exe
836	Unicorn-64769.exe
3872	Unicorn-7135.exe
1916	Unicorn-56409.exe
3840	Unicorn-64769.exe
1628	Unicorn-14535.exe
4640	Unicorn-21743.exe
3336	Unicorn-28270.exe
1168	Unicorn-29998.exe
2576	Unicorn-19793.exe
1000	Unicorn-29422.exe
2500	Unicorn-26622.exe
2876	Unicorn-60825.exe
3928	Unicorn-27577.exe
4648	Unicorn-3072.exe
3920	Unicorn-27769.exe
4960	Unicorn-60633.exe
2716	Unicorn-10472.exe
2256	Unicorn-23279.exe
1700	Unicorn-39807.exe
4056	Unicorn-17679.exe
1828	Unicorn-49704.exe
3412	Unicorn-28345.exe
1340	Unicorn-19985.exe
832	Unicorn-3767.exe
4212	Unicorn-22999.exe
1924	Unicorn-45095.exe
876	Unicorn-59585.exe
2540	Unicorn-27606.exe
4812	Unicorn-33737.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2900	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	89
PID 2556 wrote to memory of 2900	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	89
PID 2556 wrote to memory of 2900	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	89
PID 2900 wrote to memory of 5072	2900	Unicorn-64065.exe	93
PID 2900 wrote to memory of 5072	2900	Unicorn-64065.exe	93
PID 2900 wrote to memory of 5072	2900	Unicorn-64065.exe	93
PID 2556 wrote to memory of 4888	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	94
PID 2556 wrote to memory of 4888	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	94
PID 2556 wrote to memory of 4888	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	94
PID 5072 wrote to memory of 4928	5072	Unicorn-7568.exe	97
PID 5072 wrote to memory of 4928	5072	Unicorn-7568.exe	97
PID 5072 wrote to memory of 4928	5072	Unicorn-7568.exe	97
PID 2900 wrote to memory of 996	2900	Unicorn-64065.exe	98
PID 2900 wrote to memory of 996	2900	Unicorn-64065.exe	98
PID 2900 wrote to memory of 996	2900	Unicorn-64065.exe	98
PID 4888 wrote to memory of 2324	4888	Unicorn-20375.exe	99
PID 4888 wrote to memory of 2324	4888	Unicorn-20375.exe	99
PID 4888 wrote to memory of 2324	4888	Unicorn-20375.exe	99
PID 2556 wrote to memory of 3820	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	100
PID 2556 wrote to memory of 3820	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	100
PID 2556 wrote to memory of 3820	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	100
PID 4928 wrote to memory of 5092	4928	Unicorn-10552.exe	101
PID 4928 wrote to memory of 5092	4928	Unicorn-10552.exe	101
PID 4928 wrote to memory of 5092	4928	Unicorn-10552.exe	101
PID 5072 wrote to memory of 3508	5072	Unicorn-7568.exe	102
PID 5072 wrote to memory of 3508	5072	Unicorn-7568.exe	102
PID 5072 wrote to memory of 3508	5072	Unicorn-7568.exe	102
PID 996 wrote to memory of 3032	996	Unicorn-47864.exe	103
PID 996 wrote to memory of 3032	996	Unicorn-47864.exe	103
PID 996 wrote to memory of 3032	996	Unicorn-47864.exe	103
PID 3820 wrote to memory of 3268	3820	Unicorn-44303.exe	104
PID 3820 wrote to memory of 3268	3820	Unicorn-44303.exe	104
PID 3820 wrote to memory of 3268	3820	Unicorn-44303.exe	104
PID 2324 wrote to memory of 3740	2324	Unicorn-50433.exe	105
PID 2324 wrote to memory of 3740	2324	Unicorn-50433.exe	105
PID 2324 wrote to memory of 3740	2324	Unicorn-50433.exe	105
PID 2556 wrote to memory of 2828	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	106
PID 2556 wrote to memory of 2828	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	106
PID 2556 wrote to memory of 2828	2556	58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe	106
PID 2900 wrote to memory of 1608	2900	Unicorn-64065.exe	108
PID 2900 wrote to memory of 1608	2900	Unicorn-64065.exe	108
PID 2900 wrote to memory of 1608	2900	Unicorn-64065.exe	108
PID 4888 wrote to memory of 2240	4888	Unicorn-20375.exe	107
PID 4888 wrote to memory of 2240	4888	Unicorn-20375.exe	107
PID 4888 wrote to memory of 2240	4888	Unicorn-20375.exe	107
PID 5092 wrote to memory of 2992	5092	Unicorn-53033.exe	109
PID 5092 wrote to memory of 2992	5092	Unicorn-53033.exe	109
PID 5092 wrote to memory of 2992	5092	Unicorn-53033.exe	109
PID 4928 wrote to memory of 1712	4928	Unicorn-10552.exe	110
PID 4928 wrote to memory of 1712	4928	Unicorn-10552.exe	110
PID 4928 wrote to memory of 1712	4928	Unicorn-10552.exe	110
PID 3032 wrote to memory of 3464	3032	Unicorn-20169.exe	111
PID 3032 wrote to memory of 3464	3032	Unicorn-20169.exe	111
PID 3032 wrote to memory of 3464	3032	Unicorn-20169.exe	111
PID 996 wrote to memory of 116	996	Unicorn-47864.exe	112
PID 996 wrote to memory of 116	996	Unicorn-47864.exe	112
PID 996 wrote to memory of 116	996	Unicorn-47864.exe	112
PID 3268 wrote to memory of 5084	3268	Unicorn-3832.exe	113
PID 3268 wrote to memory of 5084	3268	Unicorn-3832.exe	113
PID 3268 wrote to memory of 5084	3268	Unicorn-3832.exe	113
PID 1608 wrote to memory of 4076	1608	Unicorn-14614.exe	114
PID 1608 wrote to memory of 4076	1608	Unicorn-14614.exe	114
PID 1608 wrote to memory of 4076	1608	Unicorn-14614.exe	114
PID 3820 wrote to memory of 3196	3820	Unicorn-44303.exe	115

C:\Users\Admin\AppData\Local\Temp\58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe
"C:\Users\Admin\AppData\Local\Temp\58a329768b73d00b6616290c4b228e9799330e0946fd8a8bd928ec6a177fb61c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        10⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        10⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        10⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        9⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        9⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        9⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        9⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62112.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
        10⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        10⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        9⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        9⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        9⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30902.exe
        8⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        9⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        9⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41498.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        8⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
        10⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        10⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        10⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
        9⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        9⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        8⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        8⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        9⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        9⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        8⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        8⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        9⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
        9⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        9⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        8⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
        8⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        8⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20943.exe
        8⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        7⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        8⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        8⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        7⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        8⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        7⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21750.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        6⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        9⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        9⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        9⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        8⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        8⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1376.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        8⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        7⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        6⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        7⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        6⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19985.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        9⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        8⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        7⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
        7⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        7⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        7⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        6⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39087.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        6⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        6⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20895.exe
        5⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
        5⤵
        
        PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        8⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        7⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29454.exe
        6⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24774.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        6⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44713.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        7⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9231.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        6⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        6⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        6⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        7⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32743.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
        6⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10550.exe
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        5⤵
        
        PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
      4⤵
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
        6⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
      4⤵
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
      4⤵
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
      4⤵
      PID:15792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
      4⤵
      PID:7556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        9⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        9⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        8⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63879.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
        8⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        8⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        8⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        8⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36127.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
        7⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        8⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
        8⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        8⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        7⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21536.exe
        7⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        7⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
        6⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
        6⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
        6⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21743.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        8⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        8⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        7⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        7⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        7⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        7⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        6⤵
        
        PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        6⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        6⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        6⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
        5⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        5⤵
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        5⤵
        
        PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        6⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
        7⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21033.exe
        9⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        8⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        7⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        7⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47944.exe
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        7⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        6⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-455.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
        6⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13247.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        6⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        5⤵
        
        PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        5⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        7⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        7⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        7⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
        6⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        6⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        6⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
        5⤵
        
        PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        6⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        5⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        6⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6423.exe
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        5⤵
        
        PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        5⤵
        
        PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
      4⤵
      PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
      4⤵
      PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
      4⤵
      PID:7012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        8⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        7⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
        7⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9286.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        6⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12864.exe
        6⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        7⤵
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        6⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        6⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
        6⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        5⤵
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        6⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        5⤵
        
        PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        5⤵
        
        PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3990.exe
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
      4⤵
      PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11064.exe
      4⤵
      PID:16160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64193.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        6⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        6⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
        5⤵
        
        PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        5⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52063.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        5⤵
        
        PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
      4⤵
      PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
      4⤵
      PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
      4⤵
      PID:7924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        7⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        5⤵
        
        PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        5⤵
        
        PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
      4⤵
      PID:16116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5007.exe
    3⤵
    PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58745.exe
      4⤵
      PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
      4⤵
      PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
      4⤵
      PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
      4⤵
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
    3⤵
    PID:11392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
    3⤵
    PID:14656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
    3⤵
    PID:5216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10472.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        9⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        9⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        8⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6590.exe
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        7⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        7⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        7⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        7⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
        6⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        7⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        7⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34359.exe
        6⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48777.exe
        6⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        5⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        5⤵
        
        PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        7⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        6⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        5⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        5⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64193.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        6⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        7⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        6⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        5⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
      4⤵
      PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
      4⤵
      PID:14928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14928 -s 220
        5⤵
        Program crash
        
        PID:16140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        6⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54816.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
        6⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        6⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        6⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
      4⤵
      PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        7⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        6⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30887.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        6⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        5⤵
        
        PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        5⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        5⤵
        
        PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
      4⤵
      PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36294.exe
      4⤵
      PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53984.exe
      4⤵
      PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57675.exe
      4⤵
      PID:7880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
    3⤵
    - Executes dropped EXE
    PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
    3⤵
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        5⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        5⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
      4⤵
      PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
      4⤵
      PID:15992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
    3⤵
    PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31753.exe
      4⤵
      PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
      4⤵
      PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
      4⤵
      PID:15432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
    3⤵
    PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
      4⤵
      PID:15052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
      4⤵
      PID:5396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
    3⤵
    PID:12296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12191.exe
    3⤵
    PID:16124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        7⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 636
        8⤵
        Program crash
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        7⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        7⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16304.exe
        7⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        7⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        7⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        6⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
        6⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        6⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47705.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        7⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        6⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30648.exe
        5⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44609.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50793.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
      4⤵
      PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
      4⤵
      PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64401.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        7⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        7⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61608.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
        5⤵
        
        PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        6⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        6⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64472.exe
        5⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6807.exe
      4⤵
      PID:16296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exe
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
      4⤵
      PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
      4⤵
      PID:10624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
      4⤵
      PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
      4⤵
      PID:15860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
    3⤵
    PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
      4⤵
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
      4⤵
      PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
      4⤵
      PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
      4⤵
      PID:15152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60775.exe
    3⤵
    PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
      4⤵
      PID:10760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
      4⤵
      PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
      4⤵
      PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49858.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
    3⤵
    PID:9756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
    3⤵
    PID:5268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33113.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        6⤵
        
        PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        5⤵
        
        PID:13940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
      4⤵
      PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
      4⤵
      PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
      4⤵
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
    3⤵
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6544.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47351.exe
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
        5⤵
        
        PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
      4⤵
      PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
        5⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
      4⤵
      PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
    3⤵
    PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        5⤵
        
        PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
      4⤵
      PID:13948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
    3⤵
    PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
    3⤵
    PID:6140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
    3⤵
    PID:5900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
      4⤵
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        6⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        6⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        5⤵
        
        PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47223.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        5⤵
        
        PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
      4⤵
      PID:13288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
      4⤵
      PID:556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
        5⤵
        
        PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
      4⤵
      PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
      4⤵
      PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
      4⤵
      PID:14844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
    3⤵
    PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
      4⤵
      PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
    3⤵
    PID:10664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
    3⤵
    PID:14400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
      4⤵
      PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        5⤵
        
        PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
      4⤵
      PID:10228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
      4⤵
      PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
      4⤵
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
    3⤵
    PID:7036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
    3⤵
    PID:10452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
    3⤵
    PID:14340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
  2⤵
  PID:5892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
    3⤵
    PID:3948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
    3⤵
    PID:10516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
    3⤵
    PID:13528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
    3⤵
    PID:5392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
  2⤵
  PID:7448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15143.exe
  2⤵
  PID:10824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
  2⤵
  PID:13812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
  2⤵
  PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6136 -ip 6136
1⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 14928 -ip 14928
1⤵
PID:15004

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe

Filesize
468KB

MD5
dd88e9e9ee2682627741466c878b412f

SHA1
0cff3fbe5d10c01561ed6c6be7a828444c66b973

SHA256
68a098a80ee1b62904046bc9761baeb5407ee759ec44c5a44c2f498ba2dbf048

SHA512
bfd566ad06608c0689497a3af74b1d32a047fc72b1c11404f75a461ce4e6410160f5fad03118ca92738b761d19dd24f0322f780ab812f0442f36ac36f948f526

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe

Filesize
468KB

MD5
e44a9224c9689bb70b5a1f6f8788443f

SHA1
379e33312915cb6834abb9ab6ec2a6e32c719128

SHA256
9b4b45cb821251ca07700f54867af899757f3ab2990f67595460824d46ca6215

SHA512
5e394a448017f8ba7ad525c9c0e559cdf1cbfa3a3a6fc5030829802fdc47e89b82156d9afb829ec6ca6f14f229a7212bec545cbf308d4858be30d379cae0851e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe

Filesize
468KB

MD5
a3b8ea49879232b82792318f14d5c7c0

SHA1
699981a6cff71a24ef80b4106cbe82d1d18b2cc4

SHA256
18ec4221d9efa4ec664a265b05de2ca04c47242e2c14057d3a7705ab6c10950f

SHA512
c5d8201990b29340bc67ef2b9bc4da7bb7a0bd0b3340a43c20f7b0aa1f3d48e6517fa00e8c94a26bebf762d2311c2b97522e7e827749910bb0284e9dd6717874

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe

Filesize
468KB

MD5
c5f0d839eb9acd3b655ba585eef203ef

SHA1
a7d974e33b09b1c044950fb0ea3c7f9ffab1dd89

SHA256
c27ff98a3ca862108b0909d74fbc6cec297ce46c3870b79f7ae2ad1c861c4a44

SHA512
e7223c942d303f133b8bdac85149433585766f395351cdd81eb4008f9853d0876a260763769a364cb70cc22f1f95466924135702b39759356a1a92d38a46afe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe

Filesize
468KB

MD5
08d277fdab3c3ce1a483d10b2c935ee5

SHA1
d4e8936d9f51026cad622363c9d06bc191e5ef53

SHA256
98010593fbbe0ff99931c0add22bfe10ddb0c33b3168beb340e039c49f75493a

SHA512
4da89ac402920d7b0655ff8610b67a6c934f13694d331689e8c7717cd7f5512901dce8588416f833521f36cc249da530208dee4d7ea1f86419632b5efe4f5556

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe

Filesize
468KB

MD5
57621171d0b66710c4a6f66df2524182

SHA1
884a1389c2582ade4ad9939e424458a606ce949c

SHA256
bff951a7668aa94c92cee82c0033ba938b50931c14f5a6e9a502037537cf14bc

SHA512
0b3a95cc3cfbc2e73ad6958bb5260bfc1a5d698a308a09c26936837b9ed9911fc2d3cb25a3977bd02db9bde242b5edb6c37e4fd88ea81460ca6fde792241d91e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe

Filesize
468KB

MD5
5f9cb73e8e2d2915115391372c4926bc

SHA1
08f96a90b46c5d97963a0b770109f585940cbcee

SHA256
ff147833fd8f73bc02f9de14b5eb5bc85a359529b43681b20a9a846e4334a4a4

SHA512
792764f87003046af50414beed204b3cdfc2a58f317e2ec610171e5907de9b4708ebfe248ffa0846e3abf35c54e211ee7207e2b457efbfce452160382fdd23c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe

Filesize
468KB

MD5
c347835370a845027039871014991e3c

SHA1
eaa54aba0218715b90e4069f9553a7c510d1d1fe

SHA256
155a0d24be67ad8ef6cae53c1f9510cfc805660e877de81bae46ab2c63f443ab

SHA512
c84659a94e634b28561cf0f255cacd4877e2d72c02d484db0c2472520986bda4c640d241df6d96cd3e67b350b33477cc21efe3f4d8f2c9ca7a24922b7a8e09db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21359.exe

Filesize
468KB

MD5
c9880a148cefb1bd0179198e0b93fe23

SHA1
b7ccd2dc0a388d9b16aae82e8e77fdce316664b2

SHA256
2277ea372687911b3e5e226c73604c4f38fd91d14a6318500b1305f2197485e2

SHA512
3e31732ce9abecf811e6e13cb3326e2833097ed00d1a695fbd39c3f17dd6996847a2c6f657bb8697e41b9defaa0ff76374f8546050ffdf7a7513addd17035234

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe

Filesize
468KB

MD5
52c2bdcb13c6c080d437440b41b443c3

SHA1
0cf3e8b2e1c7cb11560d480482d6c68905a505c0

SHA256
897af009bd10ad214a40a8fa7b1eedc0fef2deeb1626bf16d347a2e6b2a38853

SHA512
9d7f4f8e21c31ccb9e690ae7f1cea2b12c159f15281bdc1c50cce969bcc32a06edccdeb8944272b842a74b812e5368d914af68dd813c878608c496a971db7c92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe

Filesize
468KB

MD5
e0988855b295d285e8694f3e2a70d463

SHA1
3c62d97015f2d0a14c078ac73f82816321b6de3b

SHA256
f8f587510be5d7fd561679362158360627000de9a930e875f02749a3212b1152

SHA512
35daec2b0294e5df7d7cc666a7470d0d81825c225be270bf31dd137097bf615caf5e80a7d64684705310e9c49bf58049b27626b277515ea0a909e0c8adf950e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe

Filesize
468KB

MD5
829b2cc789d84f7513bff0bb3f033a61

SHA1
a1a24435a187b9d54ffcd42c94e6d799334669cf

SHA256
4d7811f607ed01feddf0e40f4a87062a77ecec9093af3557763fadd0f613b12c

SHA512
58fd5262508ade3d6dfd8920519770c1803817817b96ba4f06f43684b3c8a311d8b151f7e33fa410d30cc470f1466e2db5b2ee355e018c0082b1675203d6a67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe

Filesize
468KB

MD5
1db9970de3b1a5e684b9fb4401085900

SHA1
f07c58d221c52330a932a6fc9fc0084081beac00

SHA256
dbe781b8f362d6e4fc2b3107dcb372528d02da50b1d5e33577330d7f3d2b0158

SHA512
6fc40d2d44f795c96997fd08492ce0d9f99cb2b7f15297b947917c09772a25cec20488ccbb3dec29218d2f7fdca0b5297d469c2b8c26a197363ca410334c2a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe

Filesize
468KB

MD5
5ec683fda0477cc034eb1dd0215695ad

SHA1
c8ee182316b2d6de1b1ef7486ce8be2e9b5b71d6

SHA256
4dcec6c99881ccf1a665e8b8c61186f23c68ae949fca6dd30706c4ef1829a919

SHA512
2076741ece9fe10307ad6c25fbdb187e68644f17ce7001d16fbfe4d8051d5cc7ead668d418fa08a4ea37125bc3b23d614c427ef70ffa74ddcf22ff95c603fbdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe

Filesize
468KB

MD5
834219cf69bf6470b96b72ac945b306d

SHA1
4808b232dedb5dec5d6446e2d7eda7a4ebbd769e

SHA256
e08d7b0f25775e7f68b576bb7237d276963d5be1da12ae0fc7e195718149781d

SHA512
a8c19c0af73827e566399797fd21da16f693f446af56e878c5908a8cd9e8de08a426de0edb4af0d62f0befa5f7cdef8ed50908cdfe2bc20b2471672207012ce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe

Filesize
468KB

MD5
5983b986cc6bc0d77ae5cfcef4b4987f

SHA1
b3a8380cc574e629d06b015c4e71c55c86ee010a

SHA256
37de57f82f7f0fb81c4d3c51c2b0b685cf004d11083ecd8da17b8d6f2e3189ed

SHA512
f08614e6a0cc11a404988097a2368c6c97c2cc8f834e01239475763d0e7fac39615aaa812af9e01e0c479889030e1c46cc5ba1917d313f5f4c4a72002aa40384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe

Filesize
468KB

MD5
e938278dce4afe59bca5c5852536cb71

SHA1
66ffea936eb17bc2a86d9b1baac36f1863b8e237

SHA256
8f7fa8c44c8a9935df27dccae88700b589a892e49624ce7f44b45fd434d3653a

SHA512
f411cb67e2fc80a20ba573c0fd1a215300aa85e76a748cdde992af40e31b6363521bfc3b93b0d861a9be05fccb4aadec30826679d3be58b3be1a78d6c4e60916

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe

Filesize
468KB

MD5
16a51c80c41d9d1e8fca196f8640c122

SHA1
2ff91da771ab9ed4b55c8cfde1f078c60023749d

SHA256
52d119ea1948dfaf9496949a8991d5eb5782059fd656e277b7303bc32ac8cd86

SHA512
98c7755dff7e57b9c4c85781c9fcff2e74471fdc0f16b1c0ca6694cb53e7171b85a72a7952d74be041c9f9632ca2ae320a4378887360c227c04db6b3b55cdfb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe

Filesize
468KB

MD5
27b16928997771874a05cf178a6e842f

SHA1
676c13e13d3382a3be4163d37ef70dd4cf53b133

SHA256
007972db41ca7fd8f219dce21adbd34d04b3dce2c97887f3cefa102b194c545a

SHA512
4087faf0b090947f8b4a2168704af0db49d86a05de2c1a1086f111abf6881bc21419e7a1d3c684c2ab40827c20989f37838ac700429169eb1ded817e1d095583

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe

Filesize
468KB

MD5
09ed442695d4ad55afa948d80b053a2d

SHA1
c5d097b4b0ceaed588136538aad4bd392371aa39

SHA256
08c413fadf755ef242347cae6a2ae5b8a76e5c0c5da848abf78d2764be102f07

SHA512
838ec3563dbf86a7e1a7eb438ef6edb4673bd1cf59ee0fde3fd9155a8414377dfd24715bc307b9a42c364a711a53dec336c0719e1bfa53ac444e4d564b476937

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe

Filesize
468KB

MD5
476efc486dc595b07fd52c87b934e42d

SHA1
4706fe4122c538a237f5ada9cbec4a0afdf2effe

SHA256
49eb62032ed23fcbb2167e363b8742bf4107f40b2b072f71630461a25e304f52

SHA512
20d00090724d1c07c8cbd8eaa7618ca5ecc9e46b6d84b4469efdeaa02770bfd5cb4fb150574ed53bacf2a1d9eca7c2a571f04a98634a675e790e2164a678d8d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe

Filesize
468KB

MD5
b0f02ba8024ac871673a22d6a713e7fe

SHA1
89a59a707aa8ba51a32be79faf4aaf143affde57

SHA256
1fd3d8b8117d5bc9254879506250ea12803e33365ff933755582dc99a703f0e0

SHA512
41aaffa04b70c349d86ae2c3087ac7fdfcbe568fe87eea8c61909c4ce5aba9acddc8ac3ceb7d60b120592b2131b44562c901d43272327a61ad24628ad0cc71b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe

Filesize
468KB

MD5
831cd34aff200d47cc2b1ccfdb9cdff2

SHA1
6d5388e7be7196566458620199dfc0ed25558740

SHA256
8b365376112b075bb565c6f5418b95b02fb9f18fdfa5f373b0e156dff7428bf8

SHA512
01536942b9b5d33b984221aa74473f1b0462a59e1ab8526087898f1b975f7bca012ec563f4f3ddce3ead785bb7ed713410d006d3319619b12b3e585a25778291

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48905.exe

Filesize
468KB

MD5
dfacb9b958d188cad6359f7ed9e74eec

SHA1
e9b0a8a7dce7f954cccb5e1be834ef11cb4027e9

SHA256
fa345278c594ec39dd8d8deb045fa63c953b726a5cc9ea93206db5982ec5155c

SHA512
adebc63e1b9866d42874a137bff2fd62f4d64161c260032777d4eb58467457edd6f11ecb5db25734fa73a8027e793856d5f4fdd26b5d537d6044c73a34a77bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe

Filesize
468KB

MD5
62785d5207b6b0190a8adffdebcd2596

SHA1
3fb51789c0c863cfe906eebe9d71e56e13ec0cc1

SHA256
985d793a553eddf6f50bcd967b8a65ee8556234a3cd79b3723bf37db0ea975f2

SHA512
77b10b39fc410f3a1bce7b9855ce3a01ef4d430f62324941a4d94f436c8f794c1950b54fd81b20c24ddaa508fa39b933c716a1528bf62aae80cbc2c64f5bdf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe

Filesize
468KB

MD5
93493132827fa71c43baf2e8d7e1fad8

SHA1
f258fa281db4194c18ac06f4a62ffbe74a8b8b24

SHA256
3153d943ac31202aff29def5900e6bf0073511966f22494cde6f53eb5c94937b

SHA512
1875b860b63b087778bb80ff133c40b15eba117b72f8cbc4fcf2d201aa71c8bbfbd07ca9d66b271e940f1d357f49821049985e648c8a56b9428045c4ec029f11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe

Filesize
468KB

MD5
fe1bed7363bd427dd16ebdb3fcf99bb8

SHA1
48a3f0a32622d47e4b0baf30b700efb86faf46d5

SHA256
9ab67d9cca99d4f189f1642374fb946e1e41a7430500ff77b9c24f3597b91dc5

SHA512
20bbf872414369731f5adb8d86e060b1643e115914b940918b5a7a729f3187b1ac979582e3bf70e02fc6d3998c59dda70aca53d7935743fddb79c4fa763c223f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe

Filesize
468KB

MD5
2303ea1dc406d92fa19f26a4f6bd8d0f

SHA1
00730ce1d4361c92a4a66c3c2966dbee0b580754

SHA256
ce6158fd356c4eb0a7f326ba564e7eed2ba683a88d1e0501f3e7af1b0befd0d1

SHA512
76af547439363fe86e7305597f45845cf666b712c9597389932892cddb6b68c656ee7bde083a2cd63b66b6bcbca8d3ddb5a361972c39b0ffbfd998d74ca6f82f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe

Filesize
468KB

MD5
1b6a544bd1b7d4b794b9a24843e095bf

SHA1
741dfa282a60a2a7b3d31537c79e221b3cc2b445

SHA256
7c72bec5e36f058507fcdac3353e3cb7a72bc2a5692b3159d7f56346e7d0bd1e

SHA512
4422bac274492f4d2f400b304bb554227685b95ceda0bfa2c09f58be49c82c9cd146154664022f62fcad393490e02e148c7fcca5709720ff32f98ed1cadf5a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe

Filesize
468KB

MD5
ccf4d6d42086ff8556898ed7b4ca8e36

SHA1
97750c5e79da3f524769c348dbe7ac463e40322d

SHA256
6e5895ff883dca44436643da815c2eb6e9c862bc3e0e5a42ac5a7ecffef98b22

SHA512
abbd85117911f2dcb544ae2b0bce1641b1ae1c433f97c66b978eb972b2468e0277962e814dc4d1c0d203141227d23a17f52de9f100c8c3ac5e4ee388c6fa4d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe

Filesize
468KB

MD5
e54a0ec8aeb2358fb44ee1c67e14ee7a

SHA1
3af9a85a89130f00369e13a8e9deac0a2aba9a52

SHA256
06b65d88c35081761cb1a1796c107b56331d91d551be15f114ad6cbb0b4bfa57

SHA512
cb820c67cb0b806d99a6c9dafff932619e3624b0beaa5343f4f05edb203cf5c7495e109555643f1c4d5dfc0a8f5acf0ce75f549029d9ba728dfbf2af28fb74e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe

Filesize
468KB

MD5
399cfd8baa233e89603ea7ee173192d5

SHA1
487c27557ce345497841eb81b29cce57b85e5df7

SHA256
221855e75c513f629cf83d5c2eb7b0a031143d91d783d7a9a3dbf79ece0cc2e5

SHA512
36a61c7600bbc803b6119d06e9aadae465185cfff54902b7699e943759b2f17318f7aac4419b44abb4b82c58c7c7ba3f345827f51bc4d2d65863abd300dc7fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe

Filesize
468KB

MD5
e1b517964d61621a8cf8204bfa362ca1

SHA1
39c5516365b0f8fc49e0c843332ea347a0367858

SHA256
eb3eb05752df24c8acf4d4559bf3a80c30c327213bc8611edd703528950c2a20

SHA512
a46ac7926c36397712c2aae293a767fb35d7848a7647c3b7c01ac70f5f7af65d3169d138ea151cf10be94022b8f14e5ab3b076af9758106f7c72c2c6fbeb06d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe

Filesize
468KB

MD5
b6c76c052c4be71c2b708db7e971d97c

SHA1
c31c9f1ddd7c52bb0a4b7da4ac2fd336fd929c94

SHA256
2cc4e7f5d709d1ced4e0203f3cae685530c60423dca710b65e4bab3a808d06a7

SHA512
a0bf91d66e5553cdf59f74581930aefd0af3ff8569c2c6676becfcceb49c8a679ba03ea2348f17f9ea110acdf6cbb155282c9983fa133c249f0d3213ab70b357

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe

Filesize
468KB

MD5
1e92c7dc23aec985ed935a72a7ca7639

SHA1
d5f6865ea326c3c957f2fba178664c0493df401a

SHA256
e4abc15b8425ee7fe2160d1e233e1d6ba8d75e640fead7443906a709bb0b64e5

SHA512
2db661818fb8596e6225955622631b177793eeb5c3e4be488bd60607b4c7d9ba2bbcc7edba6dd55ae1cc1351c6d108ab2a56f8bc2e0295abd59151bcdd78f290

Download Submit
memory/116-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/832-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/836-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/876-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/996-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1000-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1168-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1340-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1344-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1560-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1608-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1620-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1628-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1700-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1712-116-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1748-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1828-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1916-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1924-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2240-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2256-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2324-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2412-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2540-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2556-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2576-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2688-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2716-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2828-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2900-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2980-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2992-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3032-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3196-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3208-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3268-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3336-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3368-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3412-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3464-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3508-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3820-51-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3872-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3920-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3928-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3992-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4056-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4076-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4084-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4212-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4292-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4524-2826-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4552-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4640-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4648-288-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4752-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4812-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4852-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4876-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4888-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4928-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4960-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5032-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5092-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5096-2898-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5096-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5180-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5188-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5208-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5248-533-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5284-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-536-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5312-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5320-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5340-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5348-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5356-568-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5368-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5404-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5424-554-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5476-563-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5516-569-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5820-570-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14388-2818-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14448-2819-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14812-2834-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15244-2901-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads