2b0cb9598a6d61a140ce018115c34e0703efe5d2357efc4560a98f701e4930db

Analysis

max time kernel
106s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c4b0c394afe6640c41222ab4ce751e0N.exe
Size

468KB
MD5

6c4b0c394afe6640c41222ab4ce751e0
SHA1

c21464ef9350be8f5e297d840efc2fbfd1757a6d
SHA256

2b0cb9598a6d61a140ce018115c34e0703efe5d2357efc4560a98f701e4930db
SHA512

355a80c1b4b6461be647f020955f5ff0cc8fe0c10cb331c3972f05dffafd1d27964f3a99984f7781cbd4ba5b8f72964aa90f8f35a97b28ae39712273528d2cc3
SSDEEP

3072:8ufCotlZI03YtbHE5zcOff/sEWhW+Ipt81HCkdUjxRDcBSKNQXlW:8uqoaOYtY54Off40htxRAUKNQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1732	Unicorn-10565.exe
2692	Unicorn-45542.exe
4324	Unicorn-50181.exe
2136	Unicorn-55822.exe
1052	Unicorn-27788.exe
3876	Unicorn-41524.exe
336	Unicorn-12651.exe
3812	Unicorn-59434.exe
4628	Unicorn-46668.exe
1844	Unicorn-996.exe
4468	Unicorn-6149.exe
3156	Unicorn-9968.exe
3624	Unicorn-28607.exe
3532	Unicorn-60394.exe
464	Unicorn-61363.exe
3236	Unicorn-28490.exe
732	Unicorn-28490.exe
3372	Unicorn-59116.exe
640	Unicorn-49465.exe
4344	Unicorn-3793.exe
4504	Unicorn-65246.exe
2644	Unicorn-56813.exe
4596	Unicorn-37212.exe
2972	Unicorn-45381.exe
4856	Unicorn-65246.exe
116	Unicorn-7115.exe
3324	Unicorn-46697.exe
4040	Unicorn-51336.exe
540	Unicorn-9748.exe
3412	Unicorn-62768.exe
5020	Unicorn-50760.exe
4316	Unicorn-43189.exe
1704	Unicorn-9562.exe
2932	Unicorn-18301.exe
1156	Unicorn-29591.exe
3296	Unicorn-50973.exe
3212	Unicorn-46889.exe
4296	Unicorn-9940.exe
4836	Unicorn-46889.exe
2200	Unicorn-21927.exe
4872	Unicorn-37552.exe
3956	Unicorn-59696.exe
1472	Unicorn-20199.exe
2504	Unicorn-40065.exe
3320	Unicorn-40065.exe
1940	Unicorn-12353.exe
2912	Unicorn-42103.exe
2484	Unicorn-32451.exe
2628	Unicorn-56956.exe
2664	Unicorn-11284.exe
3432	Unicorn-44704.exe
4772	Unicorn-62523.exe
3576	Unicorn-15945.exe
2188	Unicorn-40449.exe
4876	Unicorn-36365.exe
4452	Unicorn-16499.exe
3028	Unicorn-56785.exe
2024	Unicorn-46571.exe
4328	Unicorn-43771.exe
2820	Unicorn-19645.exe
4256	Unicorn-39555.exe
3764	Unicorn-53661.exe
4312	Unicorn-58300.exe
1180	Unicorn-13505.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
18072	15652	WerFault.exe	754

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17097.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5644	dwm.exe
Token: SeChangeNotifyPrivilege	5644	dwm.exe
Token: 33	5644	dwm.exe
Token: SeIncBasePriorityPrivilege	5644	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1972	6c4b0c394afe6640c41222ab4ce751e0N.exe
1732	Unicorn-10565.exe
2692	Unicorn-45542.exe
4324	Unicorn-50181.exe
2136	Unicorn-55822.exe
1052	Unicorn-27788.exe
3876	Unicorn-41524.exe
336	Unicorn-12651.exe
3812	Unicorn-59434.exe
4628	Unicorn-46668.exe
1844	Unicorn-996.exe
3624	Unicorn-28607.exe
4468	Unicorn-6149.exe
3156	Unicorn-9968.exe
3532	Unicorn-60394.exe
464	Unicorn-61363.exe
3236	Unicorn-28490.exe
732	Unicorn-28490.exe
4344	Unicorn-3793.exe
3372	Unicorn-59116.exe
640	Unicorn-49465.exe
2972	Unicorn-45381.exe
4504	Unicorn-65246.exe
2644	Unicorn-56813.exe
116	Unicorn-7115.exe
4856	Unicorn-65246.exe
4596	Unicorn-37212.exe
3324	Unicorn-46697.exe
4040	Unicorn-51336.exe
540	Unicorn-9748.exe
3412	Unicorn-62768.exe
5020	Unicorn-50760.exe
4316	Unicorn-43189.exe
1704	Unicorn-9562.exe
2932	Unicorn-18301.exe
1156	Unicorn-29591.exe
4872	Unicorn-37552.exe
3296	Unicorn-50973.exe
4296	Unicorn-9940.exe
2200	Unicorn-21927.exe
4836	Unicorn-46889.exe
3212	Unicorn-46889.exe
3956	Unicorn-59696.exe
2504	Unicorn-40065.exe
1472	Unicorn-20199.exe
2628	Unicorn-56956.exe
2484	Unicorn-32451.exe
2912	Unicorn-42103.exe
2664	Unicorn-11284.exe
3320	Unicorn-40065.exe
1940	Unicorn-12353.exe
3432	Unicorn-44704.exe
4772	Unicorn-62523.exe
3028	Unicorn-56785.exe
3576	Unicorn-15945.exe
4452	Unicorn-16499.exe
2188	Unicorn-40449.exe
4876	Unicorn-36365.exe
2024	Unicorn-46571.exe
4328	Unicorn-43771.exe
2820	Unicorn-19645.exe
4256	Unicorn-39555.exe
3764	Unicorn-53661.exe
4312	Unicorn-58300.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1732	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	89
PID 1972 wrote to memory of 1732	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	89
PID 1972 wrote to memory of 1732	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	89
PID 1732 wrote to memory of 2692	1732	Unicorn-10565.exe	92
PID 1732 wrote to memory of 2692	1732	Unicorn-10565.exe	92
PID 1732 wrote to memory of 2692	1732	Unicorn-10565.exe	92
PID 1972 wrote to memory of 4324	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	93
PID 1972 wrote to memory of 4324	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	93
PID 1972 wrote to memory of 4324	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	93
PID 4324 wrote to memory of 2136	4324	Unicorn-50181.exe	95
PID 4324 wrote to memory of 2136	4324	Unicorn-50181.exe	95
PID 4324 wrote to memory of 2136	4324	Unicorn-50181.exe	95
PID 1732 wrote to memory of 1052	1732	Unicorn-10565.exe	97
PID 1732 wrote to memory of 1052	1732	Unicorn-10565.exe	97
PID 1732 wrote to memory of 1052	1732	Unicorn-10565.exe	97
PID 1972 wrote to memory of 3876	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	96
PID 1972 wrote to memory of 3876	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	96
PID 1972 wrote to memory of 3876	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	96
PID 2692 wrote to memory of 336	2692	Unicorn-45542.exe	100
PID 2692 wrote to memory of 336	2692	Unicorn-45542.exe	100
PID 2692 wrote to memory of 336	2692	Unicorn-45542.exe	100
PID 2136 wrote to memory of 3812	2136	Unicorn-55822.exe	101
PID 2136 wrote to memory of 3812	2136	Unicorn-55822.exe	101
PID 2136 wrote to memory of 3812	2136	Unicorn-55822.exe	101
PID 4324 wrote to memory of 4628	4324	Unicorn-50181.exe	102
PID 4324 wrote to memory of 4628	4324	Unicorn-50181.exe	102
PID 4324 wrote to memory of 4628	4324	Unicorn-50181.exe	102
PID 1052 wrote to memory of 1844	1052	Unicorn-27788.exe	103
PID 1052 wrote to memory of 1844	1052	Unicorn-27788.exe	103
PID 1052 wrote to memory of 1844	1052	Unicorn-27788.exe	103
PID 3876 wrote to memory of 4468	3876	Unicorn-41524.exe	104
PID 3876 wrote to memory of 4468	3876	Unicorn-41524.exe	104
PID 3876 wrote to memory of 4468	3876	Unicorn-41524.exe	104
PID 1972 wrote to memory of 3156	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	105
PID 1972 wrote to memory of 3156	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	105
PID 1972 wrote to memory of 3156	1972	6c4b0c394afe6640c41222ab4ce751e0N.exe	105
PID 1732 wrote to memory of 3624	1732	Unicorn-10565.exe	106
PID 1732 wrote to memory of 3624	1732	Unicorn-10565.exe	106
PID 1732 wrote to memory of 3624	1732	Unicorn-10565.exe	106
PID 336 wrote to memory of 3532	336	Unicorn-12651.exe	107
PID 336 wrote to memory of 3532	336	Unicorn-12651.exe	107
PID 336 wrote to memory of 3532	336	Unicorn-12651.exe	107
PID 2692 wrote to memory of 464	2692	Unicorn-45542.exe	108
PID 2692 wrote to memory of 464	2692	Unicorn-45542.exe	108
PID 2692 wrote to memory of 464	2692	Unicorn-45542.exe	108
PID 4628 wrote to memory of 732	4628	Unicorn-46668.exe	109
PID 4628 wrote to memory of 732	4628	Unicorn-46668.exe	109
PID 4628 wrote to memory of 732	4628	Unicorn-46668.exe	109
PID 3812 wrote to memory of 3236	3812	Unicorn-59434.exe	110
PID 3812 wrote to memory of 3236	3812	Unicorn-59434.exe	110
PID 3812 wrote to memory of 3236	3812	Unicorn-59434.exe	110
PID 2136 wrote to memory of 2972	2136	Unicorn-55822.exe	111
PID 2136 wrote to memory of 2972	2136	Unicorn-55822.exe	111
PID 2136 wrote to memory of 2972	2136	Unicorn-55822.exe	111
PID 4324 wrote to memory of 3372	4324	Unicorn-50181.exe	112
PID 4324 wrote to memory of 3372	4324	Unicorn-50181.exe	112
PID 4324 wrote to memory of 3372	4324	Unicorn-50181.exe	112
PID 1844 wrote to memory of 4856	1844	Unicorn-996.exe	113
PID 1844 wrote to memory of 4856	1844	Unicorn-996.exe	113
PID 1844 wrote to memory of 4856	1844	Unicorn-996.exe	113
PID 3876 wrote to memory of 640	3876	Unicorn-41524.exe	114
PID 3876 wrote to memory of 640	3876	Unicorn-41524.exe	114
PID 3876 wrote to memory of 640	3876	Unicorn-41524.exe	114
PID 3156 wrote to memory of 4344	3156	Unicorn-9968.exe	115

C:\Users\Admin\AppData\Local\Temp\6c4b0c394afe6640c41222ab4ce751e0N.exe
"C:\Users\Admin\AppData\Local\Temp\6c4b0c394afe6640c41222ab4ce751e0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10565.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        9⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        10⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
        11⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        11⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        10⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        10⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        10⤵
        
        PID:17552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        9⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        9⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        9⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        8⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        8⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        8⤵
        
        PID:18028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        9⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        9⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        9⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        8⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        8⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        8⤵
        
        PID:18464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        7⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        8⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        8⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        8⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29869.exe
        8⤵
        
        PID:17528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        8⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        7⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        7⤵
        
        PID:17476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
        7⤵
        
        PID:18264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        6⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        7⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22223.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
        6⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        9⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        9⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        8⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        8⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
        7⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        7⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        8⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        8⤵
        
        PID:17784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        8⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        7⤵
        
        PID:18004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62196.exe
        7⤵
        
        PID:19052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        6⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        6⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        6⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        8⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        8⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        7⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        7⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
        7⤵
        
        PID:19116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        7⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
        7⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        6⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        6⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62556.exe
        6⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
        5⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        5⤵
        
        PID:19172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
        9⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        9⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        8⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        7⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        7⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        7⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        6⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        7⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32538.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
        6⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        5⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        8⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        7⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        7⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        7⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        6⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
        7⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        6⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        7⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        6⤵
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        5⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        5⤵
        
        PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        8⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        8⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        7⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        7⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        6⤵
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        6⤵
        
        PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10776.exe
        6⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        6⤵
        
        PID:19152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53996.exe
        5⤵
        
        PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        5⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        5⤵
        
        PID:18992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58437.exe
      4⤵
      PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
      4⤵
      PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
      4⤵
      PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        9⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        9⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        8⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30006.exe
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        7⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        8⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        8⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        8⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
        7⤵
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        7⤵
        
        PID:18196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27274.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        6⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        8⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        8⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        7⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        7⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        7⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        8⤵
        
        PID:18440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        6⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        7⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        7⤵
        
        PID:17736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        7⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        6⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        6⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        5⤵
        
        PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        8⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        8⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        8⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        8⤵
        
        PID:17780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50495.exe
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        7⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        7⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        6⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63329.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
        7⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        7⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        6⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        6⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52783.exe
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50959.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
        8⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        8⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        7⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        6⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
        7⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        7⤵
        
        PID:19036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        7⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        5⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
        5⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        6⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        7⤵
        
        PID:16672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        7⤵
        
        PID:19092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        6⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        5⤵
        
        PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        5⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
      4⤵
      PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
      4⤵
      PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        7⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
        7⤵
        
        PID:18240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        6⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        7⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        6⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        6⤵
        
        PID:18572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        5⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        6⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11316.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        7⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        6⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        5⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        5⤵
        
        PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39555.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4019.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        5⤵
        
        PID:16476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        5⤵
        
        PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        5⤵
        
        PID:13592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
      4⤵
      PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        5⤵
        
        PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58214.exe
      4⤵
      PID:17440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
      4⤵
      PID:17824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19358.exe
        8⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        8⤵
        
        PID:17888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        7⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        7⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        7⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        6⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        5⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        5⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        6⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        5⤵
        
        PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        6⤵
        
        PID:18040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        5⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        5⤵
        
        PID:18388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
      4⤵
      PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        5⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        5⤵
        
        PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
      4⤵
      PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
      4⤵
      Executes dropped EXE
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        6⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19048.exe
        7⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
        7⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        6⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        5⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        6⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        5⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        5⤵
        
        PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        5⤵
        
        PID:17548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        5⤵
        
        PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
      4⤵
      PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
      4⤵
      PID:13860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
      4⤵
      PID:17996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        6⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        5⤵
        
        PID:16848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
      4⤵
      PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
      4⤵
      PID:11580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
      4⤵
      PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
    3⤵
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
      4⤵
      PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
      4⤵
      PID:17476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
    3⤵
    PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
      4⤵
      PID:16716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
    3⤵
    PID:3796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exe
    3⤵
    PID:17704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
    3⤵
    PID:18156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        9⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        10⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        9⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        9⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        8⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        8⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        8⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
        7⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        7⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        6⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        8⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        7⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        7⤵
        
        PID:17720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        6⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        7⤵
        
        PID:17804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
        6⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        9⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        8⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        8⤵
        
        PID:16744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        7⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        7⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        7⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        6⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        7⤵
        
        PID:17512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        6⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        7⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        7⤵
        
        PID:19004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        6⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        5⤵
        
        PID:17996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        7⤵
        
        PID:16684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        6⤵
        
        PID:18056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        7⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        7⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
        6⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        6⤵
        
        PID:19084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        5⤵
        
        PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50257.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        8⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        8⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        7⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        7⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        6⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        6⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        5⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1766.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        5⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        5⤵
        
        PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53683.exe
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        5⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        5⤵
        
        PID:17472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
      4⤵
      PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
      4⤵
      PID:16792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46668.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        6⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        8⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        8⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        7⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        8⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        6⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54061.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:19136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        7⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        6⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        7⤵
        
        PID:18540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
        6⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        7⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        5⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4994.exe
        5⤵
        
        PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
      4⤵
      PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
      4⤵
      PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
      4⤵
      PID:17736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
      4⤵
      PID:17932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        6⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
        7⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
        7⤵
        
        PID:18228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57920.exe
        7⤵
        
        PID:19188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        6⤵
        
        PID:17620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        5⤵
        
        PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
      4⤵
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        5⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        6⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28509.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        7⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50111.exe
        6⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        5⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        5⤵
        
        PID:13616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        5⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        6⤵
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        5⤵
        
        PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
      4⤵
      PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
      4⤵
      PID:2244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        5⤵
        
        PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        5⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
        5⤵
        
        PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
      4⤵
      PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
      4⤵
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
      4⤵
      PID:17920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5426.exe
    3⤵
    PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
      4⤵
      PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        5⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        5⤵
        
        PID:18556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      4⤵
      PID:16456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
    3⤵
    PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
      4⤵
      PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
      4⤵
      PID:17480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
    3⤵
    PID:10848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
    3⤵
    PID:15188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
    3⤵
    PID:18340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        5⤵
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        7⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        7⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4019.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
        6⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42207.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
        7⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6558.exe
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        5⤵
        
        PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        7⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        7⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
        7⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        6⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        7⤵
        
        PID:18168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        6⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
        5⤵
        
        PID:17928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52959.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        6⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        6⤵
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        5⤵
        
        PID:17360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        5⤵
        
        PID:17948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        5⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        6⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        5⤵
        
        PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
      4⤵
      PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
      4⤵
      PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        8⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        7⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5939.exe
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        6⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        6⤵
        
        PID:12232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
        6⤵
        
        PID:16644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        6⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        5⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        5⤵
        
        PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        7⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
        6⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        5⤵
        
        PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
      4⤵
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        5⤵
        
        PID:18252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
      4⤵
      PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
      4⤵
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
      4⤵
      PID:364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        6⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        5⤵
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        6⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        6⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57460.exe
        5⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        6⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        7⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        6⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        5⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        6⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        5⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        5⤵
        
        PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
      4⤵
      PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
      4⤵
      PID:17004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
    3⤵
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        5⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        5⤵
        
        PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
    3⤵
    PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
      4⤵
      PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
      4⤵
      PID:17000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
    3⤵
    PID:8556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
    3⤵
    PID:13792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
    3⤵
    PID:2540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16219.exe
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        7⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        6⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        6⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        5⤵
        
        PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
        7⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        6⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        6⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        6⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        5⤵
        
        PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
      4⤵
      PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
      4⤵
      PID:17344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
      4⤵
      PID:3184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        5⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        5⤵
        
        PID:17868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
      4⤵
      PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54725.exe
      4⤵
      PID:10944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
    3⤵
    PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        5⤵
        
        PID:15652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15652 -s 464
        6⤵
        Program crash
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        5⤵
        
        PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
      4⤵
      PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
      4⤵
      PID:18400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
      4⤵
      PID:17556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
    3⤵
    PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
      4⤵
      PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
      4⤵
      PID:1596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37448.exe
    3⤵
    PID:11740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
    3⤵
    PID:16720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
    3⤵
    PID:16348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
      4⤵
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        7⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        7⤵
        
        PID:16872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        5⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        6⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        6⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        5⤵
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
      4⤵
      PID:12292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
        6⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        5⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
      4⤵
      PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57792.exe
      4⤵
      PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
      4⤵
      PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      4⤵
      PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
    3⤵
    PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
      4⤵
      PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
      4⤵
      PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      4⤵
      PID:18012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19535.exe
    3⤵
    PID:7820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
    3⤵
    PID:13492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
    3⤵
    PID:1468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
    3⤵
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37154.exe
      4⤵
      PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        5⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        5⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        6⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        5⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        5⤵
        
        PID:17704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
      4⤵
      PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        5⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        5⤵
        
        PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
      4⤵
      PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
      4⤵
      PID:15668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        5⤵
        
        PID:13788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
      4⤵
      PID:14532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
      4⤵
      PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35715.exe
    3⤵
    PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
      4⤵
      PID:17580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exe
    3⤵
    PID:10528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
    3⤵
    PID:14644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
    3⤵
    PID:3728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
  2⤵
  PID:448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
    3⤵
    PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
        5⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
        5⤵
        
        PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
      4⤵
      PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      4⤵
      PID:6504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
    3⤵
    PID:8840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
    3⤵
    PID:11980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
    3⤵
    PID:404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
  2⤵
  PID:5424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
    3⤵
    PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
      4⤵
      PID:14936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
    3⤵
    PID:11260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
    3⤵
    PID:13812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
    3⤵
    PID:18492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
  2⤵
  PID:7828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:12184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24736.exe
  2⤵
  PID:17284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
  2⤵
  PID:17936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 16260 -ip 16260
1⤵
PID:18044

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10565.exe

Filesize
468KB

MD5
c9a7da60f03546159e6889bb4a7cb346

SHA1
9d82bc8de372e276fd9c227f16cdf11c3e7339c6

SHA256
2d54c3b4899abc9be8e690a9304a6c4f2a032539c24cd91d178d69867839cc5d

SHA512
222ebc301165831f079610db89c43d204c1767c5c85fa5c1a7b27789c5870172bc73ffe647c603f90f237615d1412c06ddb1f7b1a6fdebfe706ade2b7d1b79ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe

Filesize
468KB

MD5
58bc4cb2b06f0eb1cbf47ba1549863b8

SHA1
221afd459a5ef52dce5b00ed52598bb7f4c54f67

SHA256
421c69fc0bece145c2ab11e03b576fbe009c33cd1a454fe7c460623847adb96c

SHA512
e97275bcd865e82a2d2b6de1e7fc56800edc3ed3ed04a02df6df710147f74457fabe2fc90d3b748ac7e3b0eaaf7105bae568f58cc83e034bc59dc9653a981b1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe

Filesize
468KB

MD5
5de7e491a5b08b5582b1aeee520da170

SHA1
cd4b9bd3a0be6c0034bc81fb2d0833d70d6ffbe4

SHA256
e9ea931c53afb91ee046ab6521fbe12b97b10e38333b8600515fc799cd194016

SHA512
033243f53f7ee84aa3d5f9306ca3a0e00fa1ff8fdf04e7f25e8a449552b11d7ec00c188c8a05dc5ec73effc82714c3770fc1918cf0106dce53b835ade93777bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe

Filesize
468KB

MD5
7c10890429fe89b1846dc2ee379b3bab

SHA1
47a45da8fd4ca675e61846f8df1e1cbee3658a48

SHA256
92962573bec127eefb18b025678e2685da0b3fdca67749bbe66d5de70cd053e8

SHA512
7fcb662fe846a24a18fc8b4283e2bb83306d5e6035b66906421445da0a1037406f688e234fed856234aada158698b255b6d797d65bba1010ef3f262b62d13cf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe

Filesize
468KB

MD5
d7d0b0c16856a4b22988a0ca5d151ef9

SHA1
ff76763da1850e561034044b4df318e57ac640a6

SHA256
c46bf0c20ae2d5ee83e22b50ea86ed1b1f18309b7668a52f1f106e73b96905b0

SHA512
88193c303596058d98c940976e202fea8c300019db7ab6c250abeb7417387f73c8072c64e1ce186a7c031d135756361abf369853002ffa11393a83edac8e582c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe

Filesize
468KB

MD5
5573543ad48f7e7239f68194fc14c6b7

SHA1
ae3116af9e6d5b3ba015740e7e2ff90f98832f06

SHA256
a884e744b53493b706cd61c7bd9775444850ce032cb54c1dc8b6019fd27927af

SHA512
5c7d0d59268ad145c6c85f99bba3de6e2aa1e0bebebf032d1b7b2074a21bded79247f1ca1a8e43d85276d2fa63baa41798eee79b7b00940147acc13b42a49e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe

Filesize
468KB

MD5
e29bb977cf85930e712b8c6405311a41

SHA1
405533c774c381a77ff99d60bdd6c371aafdc1ec

SHA256
465e012d585193e60a1090a26ab1ce94684bebfd129caa246ddb78708f14d260

SHA512
2e9849019829ff77bea20716ebcfe0665c52f84932c7096689dee0fbed06b3c3c4176cb35acf82e0a7507c514fd9a03807000d0042639df5378167976ce03ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe

Filesize
468KB

MD5
6bb30c86438a07488af19074f471a31d

SHA1
e3bb17aefbff2a602931e66c939554dadbd8bc0a

SHA256
af1f4760f555a383ba073a7954ed1490ded25820c09d2248f14f1abe19ae51c8

SHA512
37f451a28488832586b69a15f3c357d42eda14a9192fa110a256c5f1187044d98c9f9939238ef70af0540e6173cc1cc975370d7a9102a7bf8914a702bd81c3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe

Filesize
468KB

MD5
b9193a3798f859a4e89616e1de6a7e45

SHA1
579230e5ce3bf4cd7c0e852e0ce4a5161b6fa99d

SHA256
2b01769de4fde3095d09200de8fc7c2e805482bdd2b0e39f24b270928014419b

SHA512
22da96146ff9ea62dff2eadfbb5077ea44cbfd0824c03e6961a1853770e974534f9d4925fb6ad410ae4a9dfa2151935836ba2c23d46b4db7fb037a10726a4709

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe

Filesize
468KB

MD5
1ad9f3a7f038abfe6584d80680315288

SHA1
957738721c73744f29e8bdb337c4fd876cc02c6a

SHA256
e5311fbc8639a7de179fc9b1d4ea23de8281d83977d164baf5e142be0e9604c2

SHA512
6ef349fdab3f873d80cc942f5baf93c1089a3fddabae4148282a03c0aab400f4b02fd7be7bacd63abaaff24e55a50be3cf8ca1d69c54e65eb3f013aa40243f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe

Filesize
468KB

MD5
2f2f9e8a049dbf9145772b0f671194ea

SHA1
2f80e17acb0939f5213561af96e2c4d2f3bf2308

SHA256
0988a83b8c33f38382719eb6cc94cbf1666a37d09c9fead922d60cbb1e668e65

SHA512
93da6e41bcae197c2fa8dadf63687b7a496efc696eb3153e6fbfbeac7edcb73ce71d970d4844ff9f130709d3d1855b3727f72e6f32524aef8b39924e0c5814fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46668.exe

Filesize
468KB

MD5
df8f42551bdf23b1544cb92296d90f88

SHA1
089329c2ac6f5d6405fd2115d1208241a0c2015d

SHA256
1fc287ac3bb8b1e468efb9cc01e74162459c38a6568f877add0685294c340efa

SHA512
be7e95118e4e785272eaf3a53ef1f111742151e903cc4be4c3f9437a9393d0ee33e7a7c2f1e3ecc65cde8b70367023e7d7b8195aa7d671576e5d47d9f61bc2bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe

Filesize
468KB

MD5
3930d3c3bb1e3699386fd923dac2c228

SHA1
6890b5c63963acc55f6128122ef0da80d7b8403f

SHA256
12f1f2a14bd1a0b2a399918ba65f95629baacb3a730619ee4c94252d09b76518

SHA512
306872f02c772af0dec454e6261ba9494b316fce0ad9a5cd78ff54e131f8ac41a577e03d2ec52c3d5628d387768fc58b70987d474256ab15f43520ff24b71bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe

Filesize
468KB

MD5
f07e05531f82a3947a5335be937617a5

SHA1
88cee4831c39dfd4acf6f1f99bef6fd62cd1ecd1

SHA256
8333e97d334996edf2a8598f10f250d1f129307da3da85b44c3733bd88ace470

SHA512
20220407ac7d68069b9ebfaae2302b85945cb8a4614e5f79bc1d646dfe4a3c6fe6c49d6fb568981d35504c5e5e6001c7c96235c60a1dbd1cadd2d81cbb3649c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe

Filesize
468KB

MD5
6cbcd2868c42fd38e4fccaa2eb5248c6

SHA1
d5c62f6c04735ec88dea4eb55406858478dfb9f9

SHA256
b207d4f90c535de9bdb15538e88310ee57d2b0f900dff6f5cecf02244c939c87

SHA512
aec886daa06f209122e52c4aa66c5736441bc4b809d33c4c0913789184352efcb53b2b3df1f6a7f2b1704f9fa914ee97ad481c0e3c5cf2963387e723f2e36610

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe

Filesize
468KB

MD5
313a3e2764137dfa620b2e3c886d1a87

SHA1
1365d8c00bd8b06ee7a36dc1810ad2995d8fccd9

SHA256
3e42bd0a81bc862a12f31814f92be81a150ccfd9120dec1cb0d908561f5d76c1

SHA512
0563a95591d49b853017184a1432c5d78c9a8c8aae2f7f6e47ccd31ca9b497c016f7e927fb247c513a2374c10f86e087f062727d3c35ea1dc5dd9ec1c7bdb870

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe

Filesize
468KB

MD5
8e53e852d9156b8bd203453fb0e2857d

SHA1
42cabe925fe4208b2a431e096e4f91758602b598

SHA256
34a2cce94bee8b5462db10fb2cad31be7992791de8df67d9b9efa3400937442f

SHA512
c1c2530bc6ca6a5418f8e137b152133d18e9e01af89d622763bbda097dbeca2fbc308c59ea1913c623fb4190caf64c0e7aaed763c0a7f244887b629244d00398

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe

Filesize
468KB

MD5
6da549f6ffd7c9dc0b6fce396e5dc0de

SHA1
ad274a22051aec0516db6fd11b10c8296f05e48e

SHA256
93a5b46718b548f93cb7fad7d0f087a3f10c14ac3ea2d32ecf7ccfa5874e037a

SHA512
c430ec4d681dfcfcfbd8a2d28366ff3b5d5e340d1eecabc9a9432353fa7510eb8290a6c6d5fe5d35548173f20e962fb12bfe0f8693ab098ddfba77b95b930a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe

Filesize
468KB

MD5
62f6a43eaaa46a93cc1754712301f4da

SHA1
6a7963e0e7a65bab9ef087e5b4b9fda8b6265cbd

SHA256
b5416f8713d4babf8dc9a683fe9a0c3bcd5e5fbc19fb8f535a9c3e8532a84318

SHA512
964bdf66e48f931f3f3851ae61d104186e9e22b0257066bb82a52e1c9cab17c9342a034ef10403077c981967d468907ca79a595dbf689e2b131f9928487fa9d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe

Filesize
468KB

MD5
1f758e97e96e53e49b19f52a23910a95

SHA1
e629aa4b8e83d81cd6f9d963cda54013525b00a2

SHA256
76559f04ac8669b2e63f97eecc32379a3cdee45b59897aaa0a6ea73c6f0d699f

SHA512
788c7c3f95eedc9a9ff3122612e2f8b2c9fa3b3e3655373674353653d69cfab2035debd2cebbe727280caff101e96f056ecbf6ea006d7426b3ae987b54cd20f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe

Filesize
468KB

MD5
93309ec922a1a476690eb9837e053e60

SHA1
191bc19a9136ba0a23d901033d58ff719ef414ad

SHA256
e5c0c3153be8b21bd9d1df0d47908d0971994df6611cb93c20ef8ac06fc514b8

SHA512
e7a3d1a9b747d45ef243556f0b19098f02a0f16d8b690269f9d3a5090d900e4c7ed5e0ca95cfca959d9bfabeb1f23141f2ce80beded66d7d17760765ecebb062

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe

Filesize
468KB

MD5
8cb00c717b251a47ccf42782ed862c9c

SHA1
e7080943372dcbd178918bd48e4def4c84b3aef2

SHA256
e0aae5a0d9dd778ce3ac3e5f5239f9dae4bc7bd97441b9b5e42b0ae5c0287b4b

SHA512
1b14979de2d89420791bcc2912ff22fb8fc6e3f4454b6a134ed4b34d84906119dc195d31bd628f1e7b44fbb4b62e16253ab0c7de60b63ecdda8f3d932940ef18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe

Filesize
468KB

MD5
25fed5c108fac14ea7e03d1c88707f70

SHA1
88d807f4ef8b52a57852c82a4b581676368af1b9

SHA256
c870b33b2cdcfa5ebf627fbc1eacc9807c466682410f0a683bf9156c9ec98e97

SHA512
075c77bc5711e389f424f4d194d4b3ac4e8b3b71552eca92fb9f8ca2df1e056ca24e1738b2ca55def8f058ff434a82ab9a3379c68763377156b1f1c492ee34af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe

Filesize
468KB

MD5
97b9917b6ca4d8b203bcd1f9dd544dca

SHA1
f6170e509204ede3d27cb0bdc9983c8e10994119

SHA256
bbe70b788e6fa84591b7ab26fdec385b48396bee888e3058dd7c8d8a4cc43c96

SHA512
304a8f412a4f03da6b3fc865fcb92703cc2a291e79805d02e24ba89e83bf2f7ad58cb8ea2b45221bf489ef0d6cf45243bb56bb9139cfa92f9f2e822961724c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe

Filesize
468KB

MD5
668d0cbb97ebffa545523723d1513006

SHA1
50f3de351fa5188adbb82d3ee666c07d40f4b9d9

SHA256
3215b4f055c39dab259696322b5ab9917f86b55c0b7807b9cf599118f7adf945

SHA512
3f1a3fb4e0d9ba3f9110e9020feb588437043a541f42408a78dded6311854381d1eb57ee25c6337002ccd73a710221033e48f9c0aa3bc8f52809a1ef343de95c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe

Filesize
468KB

MD5
938d421fc7577fc7609af4bfa818578c

SHA1
7cdf8361c380f83278bbbaf31b686f300c457696

SHA256
737b98f9c7265eae478d062ecd8d1753bccfcd5d3ffef1a7bd85f3e3f2bdfed5

SHA512
044e674337e11db89a02f3bf644cf75f3a075a363420873075b648f304d17a18d4c4cf0d8e078c79bfccb2cbcc48951654e929c66ab79628cfa5519f9cdeafe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe

Filesize
468KB

MD5
966e28be81958083a723496ee0877774

SHA1
0585df6b1c4d564c4d0a886ac8b891a6e2c618c3

SHA256
61db6870380d808263d73d9ace525ec1c27d319430d576f6f19802bb5244c388

SHA512
7bce146281266c9d5743b32bec3d966d503233ab01acf2d1a531a9fdad3b0fd2310f7811fc836e352b4ecebb533746a06887fc31072f7969547375684c58c5ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9748.exe

Filesize
468KB

MD5
71d8dfc9904af937c663f963c874dced

SHA1
acf19f5f70be093c9fbda679baf4fce0970e7761

SHA256
e4865fb19af8e70ea95397c02e6223f16e653788032ffddb6e793d0a816b889f

SHA512
a3a588446885fe740bb61bcd530022c565a9c49b7b22663ffe9060d32ba2fd898037843bff075d3205ff49342f3031aeb6402262ed0b3d4f27492ae9993ad06e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe

Filesize
468KB

MD5
565c953a953e302d6143705bc1682a4b

SHA1
b927402e77ac8e9521621c23b17ab40cff4a8655

SHA256
2b497bc2cf9518ae8d13741640f7c0883615edc24840333c15df25fff30bce55

SHA512
81ee030e8191481bee17df89d9a7154b113a1a7d07d9df17ef66790e4b16d27e9aea280eacbe801d8756d38a7ff83f7239935f14c7b44836f1d4d2e8c41bf7da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe

Filesize
468KB

MD5
ef7b28b86f381c9882eafe0bbf596e8f

SHA1
4bf41baa4729a2ce1119368d08f90c1f8dac2a07

SHA256
3e549d3649805e885504ab4359989041f16f713a1b6b89002d2db155e857041f

SHA512
6c7629ca5174012a1514beb0a1d3e95577c4a935dadcd787698a335100e4f5e37056d198e1f7f2660cae2d420f08832fee9e2309d2516c68c3ddecf8cd400c26

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads