cb9a5ba48bd43dca0aaf8002339d0198db29730c54bed1f57cd4dcc6caca0506

Analysis

max time kernel
119s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

baf9354353c39f14370ad8a600fa3220N.exe
Size

184KB
MD5

baf9354353c39f14370ad8a600fa3220
SHA1

9fb4afb773fb3fb842d87630468a67778268c209
SHA256

cb9a5ba48bd43dca0aaf8002339d0198db29730c54bed1f57cd4dcc6caca0506
SHA512

4842b88cb09eb783fc2af62b0f60255f7262f667324a85b29564732c61ec9b2bef06ff1b8086e1826abe72693e4e53f033d3211b4da331e8780a888798fdd89d
SSDEEP

3072:saY4SEoCSaNAdl7sfWizP8sZ0/lvnqnxiu+:sa1oW8l7sZ8c0/lPqnxiu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1700	Unicorn-39452.exe
4448	Unicorn-30381.exe
4680	Unicorn-1278.exe
2368	Unicorn-57153.exe
640	Unicorn-45456.exe
964	Unicorn-65321.exe
4456	Unicorn-59191.exe
3840	Unicorn-3432.exe
552	Unicorn-3987.exe
2480	Unicorn-27937.exe
2832	Unicorn-22519.exe
1972	Unicorn-20737.exe
4896	Unicorn-7002.exe
4288	Unicorn-36105.exe
3972	Unicorn-6255.exe
3736	Unicorn-46349.exe
4520	Unicorn-17246.exe
4372	Unicorn-17569.exe
3888	Unicorn-19606.exe
656	Unicorn-24668.exe
4260	Unicorn-24668.exe
4416	Unicorn-50241.exe
4428	Unicorn-50241.exe
1576	Unicorn-47126.exe
4284	Unicorn-38543.exe
2120	Unicorn-33390.exe
5032	Unicorn-52991.exe
1940	Unicorn-44326.exe
1952	Unicorn-61097.exe
4616	Unicorn-45730.exe
1480	Unicorn-6551.exe
4436	Unicorn-7.exe
852	Unicorn-48461.exe
3084	Unicorn-32679.exe
3808	Unicorn-13550.exe
4196	Unicorn-53889.exe
4832	Unicorn-1159.exe
332	Unicorn-15680.exe
4220	Unicorn-19498.exe
224	Unicorn-49421.exe
3352	Unicorn-33639.exe
1060	Unicorn-23656.exe
2356	Unicorn-2274.exe
1808	Unicorn-56328.exe
2668	Unicorn-52244.exe
2644	Unicorn-16365.exe
4980	Unicorn-60412.exe
3900	Unicorn-583.exe
3080	Unicorn-583.exe
1232	Unicorn-19686.exe
4400	Unicorn-28617.exe
2204	Unicorn-3598.exe
3112	Unicorn-19380.exe
2228	Unicorn-14318.exe
1660	Unicorn-44443.exe
3348	Unicorn-50308.exe
4328	Unicorn-50957.exe
5104	Unicorn-41720.exe
2884	Unicorn-21854.exe
1196	Unicorn-49623.exe
3436	Unicorn-30153.exe
632	Unicorn-32243.exe
4856	Unicorn-42872.exe
4532	Unicorn-58231.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	OfficeClickToRun.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
6236	1636	WerFault.exe	173
12560	7908	WerFault.exe	348
18752	4780	Process not Found	1016

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16233.exe

Checks SCSI registry key(s) 3 TTPs 10 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	OfficeClickToRun.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	OfficeClickToRun.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\ApplicationFlags = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000fda6fed951182443ac7ff362f4e2c89500000000020000000000106600000001000020000000139cf9f7b1cf8deb7843e4918833fe1cf3ca1922ef70e608696dbececb1f9494000000000e800000000200002000000049fc593b67d3b1605760eff530649e87a2e53fa11e6c7ef5695947761eaf082df00300006c5e377a581240ef44fadfcd60b638915dbd376307d68a26e30154abe008f239e48ee765e6b4f9c0a3b48c667eec826c39a8de194169b82bcdf570d2e792d2bdc6bc1cee42629ee2e1c4f29a381c19933744c0b2cfa655a56c3d54e2d07cd91143212179f0b03c1e40b4f51401f630cf3f1564d3bd07c25e556c0fafbc28da757e7d67c602cf1cb26408add492631ec785eb5a38256971cc0d864ff06377093bae8b4de2e26da347d2e598c703572dfbc1cdbd32e8131e1057c6e624e334d712659214bf692c436699cca9aae5ef64b272f19ec1892bdc7c270932baaf017b16bb4bbf3eb341e8531b04da8e8b29f457b03ddad562b6d508235082b3e8625071970e28ffe70ad37b0ccad96eebcbeb93bf9382d6aba4ebd81605ff99f0d82d300e63778fa8fa4888dff11492608056b6be6bc08a747796eec652e275254d8e0eab756b3ef955599801ae2c1ebc4ff5dc9eb5b579bad600d785cb7c491acf6427790e3c71ab0569d158df5892337a7a1f840be4559b8af695706e8ec845b2522d0511be1254471ee96c1c7737742505cb75819f27475a78076f8f1fda6314345f7262c1e92d2779d2b019857bb30e7d6d9ec04d2ff6cdc6db47d0e312aebca6ce2c1ee2863100297145bb91a3e61652ef7b784f434336988248e3d19d04c0aa3cf83301812569794fcf910d5298a40b62a7fe213dc8b2f93a729b400c647b1bfcae9f266847cdab7777e60a84e33694b65e8d8265d7ce411b893a161eb5d433a8b53ae33accf7c9908d29fc43e7e0882b5ba70e90d079313e7ca72fd7956d7193d9be8d3e50a78221980b8c1764cc6c6df7534f4bd07f25fea940d725868399862eba09359d174bbb9bf72979055dc8f8593f115e53859d4bd1aaca99df2a5b66648cfec4f1edbbcbb341c06640f514a89d2b252d7698ecf6cd81f31ceff76e5f5342bf4a7c1446fbb82626b091ab68db8b3d4320f0d44a2d606ee72e32f86355c0e23c7e4d0458c7f85711146d60ef7277193807bc5550d1771900e67f857952b1b057b888ec7b99445a626ebf096f754c7d809254263c5ff98477511b15fd4ddcb6448caa22f5544b637214a0f935b68db923480394d35dbe69c042726ad539ed40ba1b15fa6fb6ea134d126b31af7d1ae33c5fdcdd9be67a8fe14cf456214f9ae12d460ad2db892b704d24359d2fa8b1485e3cd1a88b7fd170150d76b354ae5d10e25d67209ffac594d4984d3dfb216419a0a7d9ccf8e3949b3317a38ae6c9662b0a9ff130adde1b67ea23b445282dcfb134431be95b2d12112b57b179d46cd61a82fc5ded54659f22e2ab961849a6e0f235dd9c88bb924f0b13a9bfe03beba10a05f1fc2e2c7f1ee28f1a11867b30bd933272455ff4177f5ab7fea3ac33aac32c384c48d1c29078388cc9fd10678f40000000279e1d79fd3e182f0c2b03f9506eba42d8207baffcb5a2fe6f0641c5c9d3a149aaa6aa8db096213b4835ba0bd084082aab295fa28e4c66096b88bb1b468277b2	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceId = "0018400F39973B86"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\0018400F39973B86 = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000fda6fed951182443ac7ff362f4e2c8950000000002000000000010660000000100002000000094a6ba48188571772d1b55bb137a546e06b29fc8cc94b1d9adaf452b61aa52c0000000000e80000000020000200000000777a96f98b210a2ec22044549397b69c7a667b1d982176173476514f964bb6e80000000fc48289560256849fd3aeb2240e632792b4d1c9cb155cc9cea35481cd6e2c08c4c0b8f33191a51dd328d207dc484fe8879f07cc7976c7d50c50ddf69e132b8c61acc34f3c69470135068e3b5f6279ba42911d2f44382ec9defddb0d7999d26698be16143c575fbed95c8dbe4fff6bb214a2e5de16d3c01797266ff402d0361ec400000002c7b40b5893d7d6914ef22df792ce1d31c61eb7f5aeed90bfa9a9e9ac14f8997a3a71a7eafbd146697aa2b8388e88bf7b6cce8f286c858bdfb914a90ca0548e3	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile\MsaDevice = "t=GwAWAbuEBAAUbVtUa9wjWgmEIwjX9d7dccnghw8OZgAAEBR4AWR9CC/cFBXCo2a6jOzgAED3nDV+FgtBwhQigk/Qam9HvbUhD7qmJN/iA3IAHiaa59EgWrfc7yO/qdEkHHoU8wgdrM2rTFjf+DRe6s3jUPhIUjn/pXQVoaf0sGxwgGjg0UH4RLpvj3XKqqMeuMcrW9m0ktM5oH2zGS5jlwZ1PpuuQupldI/Yinxq8Mc+NHDI8btzffyOHG9HGgnJtekx/GnLC42kX6dW5j6p0CpyABHMMA8XrK5A/4VmNxAYU8Rtfg+nUsxErT6ltvDY4+Bkscrj2Ha4WhqvmL7JEuBMo3NlKEY3bKSmg1NwiONNEIlvHgE=&p="	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
18244	svchost.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	320	dwm.exe
Token: SeChangeNotifyPrivilege	320	dwm.exe
Token: 33	320	dwm.exe
Token: SeIncBasePriorityPrivilege	320	dwm.exe
Token: SeCreateGlobalPrivilege	19616	Process not Found
Token: SeChangeNotifyPrivilege	19616	Process not Found
Token: 33	19616	Process not Found
Token: SeIncBasePriorityPrivilege	19616	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4292	baf9354353c39f14370ad8a600fa3220N.exe
1700	Unicorn-39452.exe
4448	Unicorn-30381.exe
4680	Unicorn-1278.exe
2368	Unicorn-57153.exe
4456	Unicorn-59191.exe
640	Unicorn-45456.exe
964	Unicorn-65321.exe
3840	Unicorn-3432.exe
552	Unicorn-3987.exe
2480	Unicorn-27937.exe
2832	Unicorn-22519.exe
1972	Unicorn-20737.exe
4896	Unicorn-7002.exe
4288	Unicorn-36105.exe
3972	Unicorn-6255.exe
3736	Unicorn-46349.exe
4520	Unicorn-17246.exe
4372	Unicorn-17569.exe
3888	Unicorn-19606.exe
4260	Unicorn-24668.exe
1940	Unicorn-44326.exe
2120	Unicorn-33390.exe
656	Unicorn-24668.exe
4416	Unicorn-50241.exe
1576	Unicorn-47126.exe
5032	Unicorn-52991.exe
4284	Unicorn-38543.exe
4428	Unicorn-50241.exe
1952	Unicorn-61097.exe
4616	Unicorn-45730.exe
1480	Unicorn-6551.exe
4436	Unicorn-7.exe
852	Unicorn-48461.exe
3084	Unicorn-32679.exe
3808	Unicorn-13550.exe
4196	Unicorn-53889.exe
4832	Unicorn-1159.exe
332	Unicorn-15680.exe
4220	Unicorn-19498.exe
224	Unicorn-49421.exe
3352	Unicorn-33639.exe
1060	Unicorn-23656.exe
2356	Unicorn-2274.exe
2668	Unicorn-52244.exe
2644	Unicorn-16365.exe
1808	Unicorn-56328.exe
4980	Unicorn-60412.exe
1232	Unicorn-19686.exe
3900	Unicorn-583.exe
1660	Unicorn-44443.exe
3348	Unicorn-50308.exe
2204	Unicorn-3598.exe
3112	Unicorn-19380.exe
3080	Unicorn-583.exe
4400	Unicorn-28617.exe
2228	Unicorn-14318.exe
1196	Unicorn-49623.exe
4328	Unicorn-50957.exe
5104	Unicorn-41720.exe
2884	Unicorn-21854.exe
3436	Unicorn-30153.exe
632	Unicorn-32243.exe
4856	Unicorn-42872.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 1700	4292	baf9354353c39f14370ad8a600fa3220N.exe	89
PID 4292 wrote to memory of 1700	4292	baf9354353c39f14370ad8a600fa3220N.exe	89
PID 4292 wrote to memory of 1700	4292	baf9354353c39f14370ad8a600fa3220N.exe	89
PID 1700 wrote to memory of 4448	1700	Unicorn-39452.exe	94
PID 1700 wrote to memory of 4448	1700	Unicorn-39452.exe	94
PID 1700 wrote to memory of 4448	1700	Unicorn-39452.exe	94
PID 4292 wrote to memory of 4680	4292	baf9354353c39f14370ad8a600fa3220N.exe	95
PID 4292 wrote to memory of 4680	4292	baf9354353c39f14370ad8a600fa3220N.exe	95
PID 4292 wrote to memory of 4680	4292	baf9354353c39f14370ad8a600fa3220N.exe	95
PID 4448 wrote to memory of 2368	4448	Unicorn-30381.exe	97
PID 4448 wrote to memory of 2368	4448	Unicorn-30381.exe	97
PID 4448 wrote to memory of 2368	4448	Unicorn-30381.exe	97
PID 4680 wrote to memory of 964	4680	Unicorn-1278.exe	98
PID 4680 wrote to memory of 964	4680	Unicorn-1278.exe	98
PID 4680 wrote to memory of 964	4680	Unicorn-1278.exe	98
PID 1700 wrote to memory of 640	1700	Unicorn-39452.exe	99
PID 1700 wrote to memory of 640	1700	Unicorn-39452.exe	99
PID 1700 wrote to memory of 640	1700	Unicorn-39452.exe	99
PID 4292 wrote to memory of 4456	4292	baf9354353c39f14370ad8a600fa3220N.exe	100
PID 4292 wrote to memory of 4456	4292	baf9354353c39f14370ad8a600fa3220N.exe	100
PID 4292 wrote to memory of 4456	4292	baf9354353c39f14370ad8a600fa3220N.exe	100
PID 2368 wrote to memory of 3840	2368	Unicorn-57153.exe	103
PID 2368 wrote to memory of 3840	2368	Unicorn-57153.exe	103
PID 2368 wrote to memory of 3840	2368	Unicorn-57153.exe	103
PID 4448 wrote to memory of 552	4448	Unicorn-30381.exe	104
PID 4448 wrote to memory of 552	4448	Unicorn-30381.exe	104
PID 4448 wrote to memory of 552	4448	Unicorn-30381.exe	104
PID 4456 wrote to memory of 2480	4456	Unicorn-59191.exe	105
PID 4456 wrote to memory of 2480	4456	Unicorn-59191.exe	105
PID 4456 wrote to memory of 2480	4456	Unicorn-59191.exe	105
PID 4292 wrote to memory of 2832	4292	baf9354353c39f14370ad8a600fa3220N.exe	106
PID 4292 wrote to memory of 2832	4292	baf9354353c39f14370ad8a600fa3220N.exe	106
PID 4292 wrote to memory of 2832	4292	baf9354353c39f14370ad8a600fa3220N.exe	106
PID 1700 wrote to memory of 1972	1700	Unicorn-39452.exe	108
PID 1700 wrote to memory of 1972	1700	Unicorn-39452.exe	108
PID 1700 wrote to memory of 1972	1700	Unicorn-39452.exe	108
PID 4680 wrote to memory of 4896	4680	Unicorn-1278.exe	109
PID 4680 wrote to memory of 4896	4680	Unicorn-1278.exe	109
PID 4680 wrote to memory of 4896	4680	Unicorn-1278.exe	109
PID 964 wrote to memory of 4288	964	Unicorn-65321.exe	107
PID 964 wrote to memory of 4288	964	Unicorn-65321.exe	107
PID 964 wrote to memory of 4288	964	Unicorn-65321.exe	107
PID 640 wrote to memory of 3972	640	Unicorn-45456.exe	110
PID 640 wrote to memory of 3972	640	Unicorn-45456.exe	110
PID 640 wrote to memory of 3972	640	Unicorn-45456.exe	110
PID 3840 wrote to memory of 3736	3840	Unicorn-3432.exe	111
PID 3840 wrote to memory of 3736	3840	Unicorn-3432.exe	111
PID 3840 wrote to memory of 3736	3840	Unicorn-3432.exe	111
PID 2368 wrote to memory of 4520	2368	Unicorn-57153.exe	112
PID 2368 wrote to memory of 4520	2368	Unicorn-57153.exe	112
PID 2368 wrote to memory of 4520	2368	Unicorn-57153.exe	112
PID 552 wrote to memory of 4372	552	Unicorn-3987.exe	113
PID 552 wrote to memory of 4372	552	Unicorn-3987.exe	113
PID 552 wrote to memory of 4372	552	Unicorn-3987.exe	113
PID 4448 wrote to memory of 3888	4448	Unicorn-30381.exe	114
PID 4448 wrote to memory of 3888	4448	Unicorn-30381.exe	114
PID 4448 wrote to memory of 3888	4448	Unicorn-30381.exe	114
PID 2832 wrote to memory of 4260	2832	Unicorn-22519.exe	116
PID 2832 wrote to memory of 4260	2832	Unicorn-22519.exe	116
PID 2832 wrote to memory of 4260	2832	Unicorn-22519.exe	116
PID 2480 wrote to memory of 656	2480	Unicorn-27937.exe	115
PID 2480 wrote to memory of 656	2480	Unicorn-27937.exe	115
PID 2480 wrote to memory of 656	2480	Unicorn-27937.exe	115
PID 4896 wrote to memory of 4416	4896	Unicorn-7002.exe	118

C:\Users\Admin\AppData\Local\Temp\baf9354353c39f14370ad8a600fa3220N.exe
"C:\Users\Admin\AppData\Local\Temp\baf9354353c39f14370ad8a600fa3220N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        9⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        10⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        10⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
        10⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        10⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        10⤵
        
        PID:18236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        9⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        9⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        9⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
        10⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        10⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        10⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        9⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        9⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
        9⤵
        
        PID:17688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1442.exe
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        8⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        9⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        9⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
        9⤵
        
        PID:17460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        9⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3766.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
        8⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        8⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        8⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        9⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26191.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        7⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        9⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        9⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        9⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49239.exe
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        8⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        8⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        9⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        9⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33782.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
        8⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        8⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        7⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        7⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        6⤵
        Executes dropped EXE
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        8⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54599.exe
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        7⤵
        
        PID:18112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        7⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        8⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        7⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        6⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        7⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49981.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        6⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        9⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        9⤵
        
        PID:18356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54599.exe
        8⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        8⤵
        
        PID:18132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        8⤵
        
        PID:18480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        8⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        8⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        8⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
        8⤵
        
        PID:18996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
        8⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        8⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        7⤵
        
        PID:19832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        7⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        7⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        6⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48459.exe
        6⤵
        
        PID:19596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        6⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        9⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        9⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        8⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        8⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        8⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 648
        8⤵
        Program crash
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        7⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
        7⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        7⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        7⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        7⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        6⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        7⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
        6⤵
        
        PID:18624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        6⤵
        
        PID:17700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        6⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48130.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        5⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        5⤵
        
        PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23137.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
        9⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
        9⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        9⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
        8⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        8⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6154.exe
        8⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
        7⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        7⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        7⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        8⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50767.exe
        8⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        8⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        7⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        7⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        7⤵
        
        PID:17592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        7⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        7⤵
        
        PID:19412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        9⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        9⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        9⤵
        
        PID:20472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        8⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        8⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18730.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
        8⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        8⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46803.exe
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9861.exe
        7⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
        7⤵
        
        PID:18452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        7⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38541.exe
        7⤵
        
        PID:18860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9669.exe
        6⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        5⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        7⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        6⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
        7⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        6⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18089.exe
        6⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18123.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        5⤵
        
        PID:18612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        6⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        8⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
        8⤵
        
        PID:18504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        7⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        7⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        6⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
        6⤵
        
        PID:19620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        5⤵
        
        PID:1636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 716
        6⤵
        Program crash
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        6⤵
        
        PID:15588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        5⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        5⤵
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        5⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
        7⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        7⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32542.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36975.exe
        6⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        6⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        6⤵
        
        PID:19420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        5⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        5⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        5⤵
        
        PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60685.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        6⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        6⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        5⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        5⤵
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        5⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        5⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        5⤵
        
        PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
      4⤵
      PID:13024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
      4⤵
      PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        8⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        8⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        8⤵
        
        PID:17708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        8⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        7⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        7⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        8⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39278.exe
        8⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10601.exe
        8⤵
        
        PID:17528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        7⤵
        
        PID:17764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        7⤵
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
        6⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47369.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        7⤵
        
        PID:17528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        6⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        6⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
        5⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        5⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        8⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        8⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
        8⤵
        
        PID:18848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        7⤵
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        6⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        6⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        6⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        5⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29615.exe
        5⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        7⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        7⤵
        
        PID:18532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        6⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        6⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        5⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5267.exe
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44873.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        6⤵
        
        PID:18100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        6⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        5⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        5⤵
        
        PID:18872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
      4⤵
      PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21367.exe
      4⤵
      PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exe
        7⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        6⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        6⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        6⤵
        
        PID:18580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3598.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41884.exe
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        7⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        7⤵
        
        PID:18632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46715.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        6⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58116.exe
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        5⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
        5⤵
        
        PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46027.exe
      4⤵
      PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17656.exe
      4⤵
      PID:16492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26928.exe
      4⤵
      PID:19632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        6⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54878.exe
        6⤵
        
        PID:18824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
        5⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13316.exe
        6⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        6⤵
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7639.exe
        5⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        5⤵
        
        PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
      4⤵
      PID:11728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
      4⤵
      PID:16012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
      4⤵
      PID:816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        5⤵
        
        PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
      4⤵
      PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
      4⤵
      PID:19296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
    3⤵
    PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
      4⤵
      PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        5⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        5⤵
        
        PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
      4⤵
      PID:9660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
      4⤵
      PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
      4⤵
      PID:18672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
    3⤵
    PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
      4⤵
      PID:13328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
      4⤵
      PID:18088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
      4⤵
      PID:19448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
    3⤵
    PID:10604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
    3⤵
    PID:14896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39248.exe
    3⤵
    PID:6924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1278.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1278.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        8⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        8⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        7⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        7⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18089.exe
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        7⤵
        
        PID:19572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        6⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
        8⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        8⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        8⤵
        
        PID:18520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        7⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        7⤵
        
        PID:17440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        6⤵
        
        PID:17664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        6⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        6⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        6⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65439.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8162.exe
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
        5⤵
        
        PID:64
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        7⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        6⤵
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        5⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        7⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        6⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        6⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31558.exe
        6⤵
        
        PID:18492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        5⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        6⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:19808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        5⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64600.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        6⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        7⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        7⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        6⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29683.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        6⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36716.exe
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        5⤵
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        5⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
      4⤵
      PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
      4⤵
      PID:17980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        8⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63330.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        7⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        7⤵
        
        PID:18568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        7⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
        7⤵
        
        PID:18696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        6⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        7⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        7⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        6⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57660.exe
        6⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        6⤵
        
        PID:19432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        5⤵
        
        PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
        7⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46995.exe
        7⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        6⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63278.exe
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        5⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22934.exe
        5⤵
        
        PID:18684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        5⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        6⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        5⤵
        
        PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
      4⤵
      PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        5⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
      4⤵
      PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        7⤵
        
        PID:19284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        6⤵
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
        6⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
        6⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57208.exe
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
        5⤵
        
        PID:17648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        5⤵
        
        PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        6⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        5⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41130.exe
      4⤵
      PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        5⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
      4⤵
      PID:14400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
      4⤵
      PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
      4⤵
      PID:6360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
        6⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        6⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        5⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
      4⤵
      PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
      4⤵
      PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
      4⤵
      PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      4⤵
      PID:6148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
        5⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        5⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        5⤵
        
        PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62984.exe
      4⤵
      PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
      4⤵
      PID:17860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
    3⤵
    PID:11212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
    3⤵
    PID:15240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13775.exe
    3⤵
    PID:6212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27937.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        8⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        8⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        8⤵
        
        PID:19560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        7⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        7⤵
        
        PID:18468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        7⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
        7⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        6⤵
        
        PID:17856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        6⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        7⤵
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        7⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        6⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        6⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
        5⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        5⤵
        
        PID:17308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16093.exe
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        6⤵
        
        PID:19316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        6⤵
        
        PID:16944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        6⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
        5⤵
        
        PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        5⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        5⤵
        
        PID:19052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
      4⤵
      PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20037.exe
      4⤵
      PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
      4⤵
      PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59092.exe
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        7⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        7⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39627.exe
        6⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        6⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60560.exe
        5⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        6⤵
        
        PID:18364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        6⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        5⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        5⤵
        
        PID:19008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
      4⤵
      PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
        5⤵
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        5⤵
        
        PID:18268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
      4⤵
      PID:11388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
      4⤵
      PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      4⤵
      PID:6264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        5⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55651.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        5⤵
        
        PID:17792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        5⤵
        
        PID:716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
      4⤵
      PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        5⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        5⤵
        
        PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
      4⤵
      PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
      4⤵
      PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
      4⤵
      PID:18832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        5⤵
        
        PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
      4⤵
      PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
    3⤵
    PID:7528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
    3⤵
    PID:11172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
    3⤵
    PID:15268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
    3⤵
    PID:3416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        7⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        7⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        7⤵
        
        PID:19936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13015.exe
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        6⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14888.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
        5⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        5⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        5⤵
        
        PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        6⤵
        
        PID:17892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        6⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        5⤵
        
        PID:15296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        5⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63451.exe
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        5⤵
        
        PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
      4⤵
      PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
      4⤵
      PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
      4⤵
      PID:19020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33639.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
      4⤵
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        5⤵
        
        PID:19644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        5⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        5⤵
        
        PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
      4⤵
      PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
      4⤵
      PID:6392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        5⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        5⤵
        
        PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46715.exe
      4⤵
      PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
      4⤵
      PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
      4⤵
      PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
      4⤵
      PID:1192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
    3⤵
    PID:7664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
    3⤵
    PID:10260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
    3⤵
    PID:14640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
    3⤵
    PID:4100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        6⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10238.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
        5⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47703.exe
        5⤵
        
        PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        5⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17622.exe
        5⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
      4⤵
      PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
      4⤵
      PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
      4⤵
      PID:16432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
      4⤵
      PID:7192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
    3⤵
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11649.exe
        5⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        5⤵
        
        PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
      4⤵
      PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
      4⤵
      PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
      4⤵
      PID:17620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
      4⤵
      PID:7352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
    3⤵
    PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
      4⤵
      PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
      4⤵
      PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
      4⤵
      PID:6328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32875.exe
    3⤵
    PID:9416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
    3⤵
    PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
    3⤵
    PID:6772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        5⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        5⤵
        
        PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
      4⤵
      PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
      4⤵
      PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
      4⤵
      PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
    3⤵
    PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
      4⤵
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18089.exe
      4⤵
      PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
      4⤵
      PID:18780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
    3⤵
    PID:9208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
    3⤵
    PID:17344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
    3⤵
    PID:6408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
  2⤵
  PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
    3⤵
    PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
    3⤵
    PID:11828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
    3⤵
    PID:16404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
    3⤵
    PID:6940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
  2⤵
  PID:7900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
  2⤵
  PID:10496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
  2⤵
  PID:14952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38536.exe
  2⤵
  PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1636 -ip 1636
1⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7908 -ip 7908
1⤵
PID:12692

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:2464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:18244

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1278.exe

Filesize
184KB

MD5
9a578c82fbcdc7bfed530fee4b4a7e4a

SHA1
f3639e2fa869baa966cfb53ae658f1d51491bdb7

SHA256
cb59c722441cedfd385ab665067719270c9a8a77c15195dfa6429d40ef2a8291

SHA512
2c3ec65c8c3d587029bc2744299c7b3b60755f5ac95dfa93735469ab693c80bf9c17173d77dbb298cd8543c6b68d42cc8a09da15381fad1c18f392d2d0943998

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe

Filesize
184KB

MD5
133809103641ea91deee1252f8a6ba57

SHA1
595541949c27112220a9ac2a21779d5cc4063328

SHA256
8311c1b266ab3f4ccf5825a3a6f64e1fe218957ce37213026159b26f97530d7a

SHA512
c49453ea8c9433ad82de4709f23716294d49452398d87433aee44ddc8cf961ddc3846ab4bf711c80a18836c04018e6e4d43c1b1d62585c9e1dfc32dfabd5c60c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe

Filesize
184KB

MD5
c252d2b070728925d5ef0c953b847403

SHA1
1c2305a0c63901adf3aa4527e22a7d6d53c4006c

SHA256
2bf9172627b453a6fbc964b417384b94fb8c5dfb5564718921f4ac42834c56b5

SHA512
29573cd026183671b69d531461eb029c465ca34ddf4311cbf21079ecafc602a8cb11b43f5a576788bb676cca50fd26f2ed9f71487498df6f01e8f5932adab2ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19606.exe

Filesize
184KB

MD5
0afaae24e008c855807dab78ab18351c

SHA1
effd141a3083ba0c2f0971b0c44f757921979f08

SHA256
915216e8bf5ab0a5974dafa1715132fda3a63cfe7598de2caae48b0144e56ac3

SHA512
43f9a769dc350b4b7522fb2cb534f0c0680ddd0ffc57c41b69c2e8726763eeea312dab37c3ad49f54d92e864f6f700d05ac82f7b4b80c069efc8fede775e5152

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe

Filesize
184KB

MD5
f66de6a0df858554207dee28508f88c1

SHA1
81e3b013f87ec1be2f0eaab35797748c1f800422

SHA256
68c93e84bde8891fd8bc63e904d72193e700777d39343864d689bda3ffc4b5b5

SHA512
52c7420b22887abd77b100bf7d3308a04f0166a30346ea206acde77e77a25b9257b1651a1efb871240380454d2069eef489a21ef2851e1b399e0ff164879967f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe

Filesize
184KB

MD5
e3b96e719b581d1998b3aac79afb3305

SHA1
acf74537b8904998fcf259d1fa7a117618b40420

SHA256
5db270d5d84b1c9663d4314f27be061148f6685036d0a0e9300b8fa123e58222

SHA512
ffead9ee2c826eb519e925d84117df0de395698c0ed5c1f938b89763706f6b5becaa595813560073c6017efa52d622e855b8073b64bb03565a4c804128d12c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe

Filesize
184KB

MD5
0b1ef7494d076eaabb970c2b3443105a

SHA1
735cd978489aeed9781a8ad6c0c138cdc610f355

SHA256
543628a270546d9b290e7549cab3b2f3414934ac402855277c6eab5229b54c62

SHA512
7a78f0bac7df62ef495e3a1b9394e139ede8ee745b9bc47321faf126f7926a57290abf751595f368fc69f67d6d3cbdb4c7d618807162b710655725a2f415f8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27937.exe

Filesize
184KB

MD5
5792f348e49c2288957d08c179963f64

SHA1
697f166c1d15a894fdbc91dd0649a4cf51ac79cb

SHA256
9403d86b4c96ab027114ab3ad1640e032253a0c05b7d4ce66eea4d9d1fd7df3a

SHA512
efa8d56075b948745e93cd5bf9abfa314dedd8aacc484c00a96be4554f29ce8c6637fd87acc4716ca24d9ebdc6b2c930470124d4b97f81c47c26675aed2fea2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30381.exe

Filesize
184KB

MD5
ef04c3007ad8890b819336f084a2722f

SHA1
24c00c89426d6cb237dbc5ece422e4f4c6fc525c

SHA256
61165aa2ab954414fc547c305b642efe360fcb19cd5159136ed34c3c0d3e3681

SHA512
d843dad7d3089105ae3e6f3da2e0e046631556856f71e9a9e33814cf258eb75047e9f201889220f197ed1800ae8fb3b00dc54ea79a033bf6f72277e6cc9874a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe

Filesize
184KB

MD5
06b59d128c8ec09b4bff48fbefbbb480

SHA1
8ccc9e5e9d6ca8aa5c4edcdb6fe420bb11aa8146

SHA256
60f93abd34a40743a3f011ca28a3e002f422db1cf04ffe8238efcf7eec101c8f

SHA512
40cf1faf8da401969d897217989d0178bc20cec3cce421f39fd451f7fc637242b26555726e4c088c3af0f2467934cb2dacc1b55eabe393b2611ed57b1226e50a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe

Filesize
184KB

MD5
ec7017e4c84c4e436cad62741c5f2381

SHA1
9179303e2b318b1ee040f6a4d24ffe3636861dc5

SHA256
70da2bf6d8b404549bffa724bf7a43211114dda9cc1300f2dd5c8d5f6ac075b2

SHA512
26eaa4708f772548ba530356954dae99726a0c8f1064b3c823ab875d8acd0d24ab9419716a07baa054443dc3364835b5ddf4d387f2591141239890db411e915e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe

Filesize
184KB

MD5
39e5cdd95257933bbcce0e495bfacebd

SHA1
80f29fa07c3ebddde38b290fbeb95b5f0c590fb8

SHA256
6b24c2b0cf93cdec9fb1ab4799bc59f4e9a8e832efa625d8e8c0bb03ac39dc64

SHA512
675838008847bb28d6adf3ea4e4e0625b34fed2c05e4d15268d2fb834200a10bea7378cae39b654e1c5aa8cc1bb571fef2aacd9669f21722a21b5d61232b977d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe

Filesize
184KB

MD5
a81ded93210a98ec3765e2ccdf6512f6

SHA1
86afcbd2e511e5fe1fbfdd5202c2a25628471bf2

SHA256
cf803497dbbd37ea0842b94611e1d9ac47d32d7b1ab8e5f87ff95dcb85510002

SHA512
c6293342941ef1e53e7a907b286b58648056679d713e82a356b090d379b67c13706294da72ff8efab50131d7b12cb8124327367cfd2f3818a4b846e0d80cad36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe

Filesize
184KB

MD5
e21075ac3a571e40972fca63a00cf81f

SHA1
0c2df6e8081d1ed4522a7a74691735e89d4e9b31

SHA256
cd7dda6e6707e886eb0f21ee75655d2c8bf11259f74307c0883d72ee571d05d0

SHA512
cc6cc9a4340a4228ca56c1a82f34eeab744c714efc5a5db4666c0737fa65f6e1a85f5b38c8fedeba811bac7822791684bb26b9dd78f7f8643d5c16dea47323ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe

Filesize
184KB

MD5
e5cfb22f19b7e81a3019ba0ef12b9e4c

SHA1
198293c7ad0debfbe58aa1fb42cd30ea8b9eab92

SHA256
7e4a76e4d17973ab93d7a055090a0c5f37125160e803a04df008f362a1b79e08

SHA512
0e526cd1cc861d41b08ddd6365effc97e2601626e31410bfd255cf3db73a736d64cb85af45845b449d4fa68b6a96b0fc49802388c2e6abd5894b8de75ad9e478

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe

Filesize
184KB

MD5
2249adb45c3e1e90270162210ba1bfd2

SHA1
cd8207ee2a5c1715e88a885c5d51f82638afdc3c

SHA256
813a4b47be6f91c39cda5036bcd0657437fbe0badb47253ec6a2896d1975f01d

SHA512
f3056d383d3c0efa50d6a24c0c3bab5d4561cd30cb447ab2106b610f702706513dd300825ef2a8c22a50308230fe22755d7f7b844c9058905dc491f359d180e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe

Filesize
184KB

MD5
2c40efef18d8ee0e68162d5058c6f8b1

SHA1
af65b9c55040dfcd78ce3a77bcaa42e2c292b216

SHA256
e770fea82650e5562a8b73937fa8650dc6ad3966272f3383ac7e3bfca496bd89

SHA512
f3f3937f36efd95277078d9ef43bccf0e49a6a6e1ae671ab0368ad9bd99f4bc6d25fc0e4c0774211602c22b63e06c8eee04d6546b1987d2782ed132f373e87d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe

Filesize
184KB

MD5
7f80a60e8e6beec92215868f32b7f18d

SHA1
85065384bd5a55f53fe435853102f3fd6b29a5bb

SHA256
bbf51b73a3e86eb5774a872ec8a0e2f4b976a930069c527d42ef7a4b066b9bcb

SHA512
a561cce7f6f76f8572389811dcd0764990e7e52d6e6d0d56acb3f976667914cffd4ce4f5d232f9f7c5a5d5786a0db935a9f57f56ed533e17be6968b768540c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe

Filesize
184KB

MD5
c902bbd803bca09b3cce2cc24af0a8b5

SHA1
43bfd11e2cedff17f12d90f7ae92be178fa7d01f

SHA256
20f1e156e44c9550fbe5297a8169cacb4ba7aeb1dc5245fc8e066d51ba38201a

SHA512
bcc107e6a80a05e0ff5b7d0deaea73e9a56fc76e2370c65e936d888a1f616bf008cc7b85b52003c777efdcec621b420b30fb503f710d87c016572885ff7a64b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe

Filesize
184KB

MD5
2f48c960039fc3fb1a846fde745486df

SHA1
d9051bcb8bb0043ef4c54ddfa13e8c797b1da890

SHA256
39eddfe508661aef5e47052cd07152392cbb3a7af56a2237c25b5b5fb39511ad

SHA512
cf0c5f6bbc88102155fd0a1fbbc31b07cfd3f18e4b039652d5be9d190293b4a0979dff802fb1a93c6cd187d4ab1a2d007c36d3a172d43c43fbc9a2c529b2c22f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe

Filesize
184KB

MD5
da1c3fc623dcb28a798ec778a46b6b9e

SHA1
e9ddc3cb6d76b9d82ca487e1cfac426a60f8e160

SHA256
9d470a8222b23ff83421cc3c7ac2b026c68dad2a44990b432d2f778f21141177

SHA512
1c00d4af4f4c67aa779ec5a625e7aa6c8eb03a3586ba4af2af4e09479f6f81300e552eb09399a84ee13725a0fad69d2b424b31d0c9e9f34a099f28b6db080e1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe

Filesize
184KB

MD5
7dffdaa7a3ac89e4c4a4184c4bdd3590

SHA1
da8b7ad698ff5ab01d6bcdb172732b94b98c454f

SHA256
aeb9032e98456dd6160848970e4bca7defdac932a0110b1c7092f5209f9f983b

SHA512
7421b4ebc2e6ccd96084d703cd7a5d225420a730b29c0df4b505039525f8d01747f5ddcab5bf013b683dedfde4644671cce996920d04e9ec70cb5a3a029db218

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe

Filesize
184KB

MD5
8e5698d33dcca3b5018639f8a80320c9

SHA1
b9ae31181c22aab03fbd951a0d06d4090f74e5b8

SHA256
bca6b3d86f9dd42311534b1f3be55dc7961738e06d359ac36261c77bd1e9f123

SHA512
633160ba81bf3f683ccd4dc218c73434ffcf924dc9ee42dd553ae88efff7932ac8c4f8ccf2bcf51a533d7b8e2f98969f584e1ddcf7b8bc9b6faac3ec17760f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe

Filesize
184KB

MD5
2b729b9afe167a2887fc0ecc48410145

SHA1
706f4659aa8b1dfac63cda021756ae3e80ba191b

SHA256
007bba8c3e1c16e0af7fd875f970eea0b23f2aee3dc3c1d37d6b9df3bcf95dc7

SHA512
3a5068e7c002f593504d57eeb5a52acee38ce9b2e482a0aae380ccba75d88bbf2f01989fddff460506a6a8166abc1b5c52af5b6dff9224e82e31a901b653b373

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe

Filesize
184KB

MD5
d8fa0b78ff8d5d9bf1191bae7e68810f

SHA1
702b357ad9d10556a6f2dc3b8f46dee24a916c9e

SHA256
899ac082d36b75369aac126560acf1cd5c45fb0f93fceb967c4aa11597034009

SHA512
32b3fb991bfe7a2a5d1666929ed070e6044c7fe1be8b2094464964bbdd823e756c737a0b094420b945bcf1a105d0ed5a5766273c7df4077e444b87047ff7c51b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe

Filesize
184KB

MD5
12d3102fff0723878f6da38f0521ce36

SHA1
30776d9f5939f151200d94a7ad68d890d3db0472

SHA256
37ecb15a28f792b2b6d9b1ef85a6b68e9eeaa11e7c1b14b25d20e8b921bf4cc8

SHA512
cb5d718d20cf237d056ebf851eab70d75069a9829bfaf27a7b3fa06ca469f9bdd5dd3579dfb77e42cfe4da3391f5afde28dd37b6f2534ebb9e533c7c361f13ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe

Filesize
184KB

MD5
1b6a4166b62ce9bbf3550bfdeac32a94

SHA1
3169891dce73fe7a6e619dc6ea1b07f3b4bb9b1a

SHA256
8fa37f527cee6edcc54ba536ff39139594fa5b5ef780248959e5ba5f9cd0e29a

SHA512
6f95e234654a22af2712c9468ae80ffb35d412794d811738ad303fedba4717f45fd90cbe583a0bd632222a2a38fb199cc245836b3b374ff5090c6057253d1605

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe

Filesize
184KB

MD5
1ea7e48984358e3613602ea061721004

SHA1
25bc9ee20e9f6c273e72050c4c701082c7557489

SHA256
5559c22c319513e2f98a3f9948f807ba3c0644861e9e818171cb3c30d6cbd72e

SHA512
e1fbac4fec813eea2c395d6b5cb55c052cb4783e48fbc1b7d11e7be56342eba0523f946ea35d232628a52e7797dfa9f0af4e7010c7976f78b49e0e13016ad8fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe

Filesize
184KB

MD5
2d8daa931ad47a2c7ae45d383c2ef8f4

SHA1
3dc3cf56051d048cb5953748b97849038d55eb4a

SHA256
9500b9b37ae2f34b54bf79185414d92df48c54f135ec6e904012131b11e484fb

SHA512
0482ceed9ed8b4fc21b06bc5ce08b1e1597325fd47977c50ebb78f582ceb130825c2f537b707fc218c5252a16ef6fc4d5cdc0c560742400c3cad244961ad2932

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe

Filesize
184KB

MD5
cef597471a1ffa13411e602300a8a65c

SHA1
9bea0d2e3e0fb4ccc2c4f9abb6e98c10a73f134e

SHA256
d61c018899034e9bd3410a0a7c5cdd547aac28305c510ad0c07a23e6ec810592

SHA512
05b37951548c7862ed50857141e56b7fa62bd94b956fc35495de75dd2ee2eff18e32b25240b0935a3f4efec3e77d52a74e52029ffebf9c59262a2b7985445d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe

Filesize
184KB

MD5
62215032b811779bed04a24c0deeee7e

SHA1
29336390fd899053878e1a6bc047e961dccf0ab6

SHA256
32eed52d1f073a4a912cd4d50f31aae57816a2070e2c87fe830941179946f858

SHA512
f8f6c0729332dafb23a544a3d752470889a3d51370d871add9daa6950e89ceac7bde94335ecb9ad7c8427efa7ef02103ac69c6902e1d6f68e5c2b623eb4f0f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe

Filesize
184KB

MD5
40dce802a1dc55ee376aed1187f1dbd8

SHA1
563fe432bb1ef29e09b3ec414632e9ab65eab6df

SHA256
9fb480cf57831898adbf7e9e2d3744f1257e4b6d98189a38f5149ddd25ece69a

SHA512
b52b34230960f0a2e269632d810074c57051949492115e232289b925bd6269198048745cfb0b3e745f4d68f4875767a48a667f03a0e491a5883a9827878a126d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe

Filesize
184KB

MD5
6ac59612ef9201d42110f764a10c9f80

SHA1
f4f37700084456d8addf2955f9a34bd19e486257

SHA256
3a6a59a38402d7a0392369a99c247d300b734eca134447f807cde07e3a394116

SHA512
ba57653143687cd76801d99d6b64efb2b142e08433abbbe6e0914fcc902541e7b5152e45b42f5e60a7fc35544437ca88d4786f14660f43e04a35869e1ca7b89c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads