1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646

Analysis

max time kernel
120s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
Size

468KB
MD5

6230e0e108ed00028093aeb92bb09360
SHA1

e6e9d368c2a1516bb0c0d4382938aa7c5b8b9464
SHA256

1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646
SHA512

67e3615afa0e292ab9706e0465125c3b5e9f6d9a01fa1a65516ceec67c72445d6c468fbf99dc0e79cd71903988a1a3341744eaeeb33e6b21e9f8853a3ec553d8
SSDEEP

3072:sbuuorldIE3YtbY2PzcIffT/ECXZ4umWnsHCOVhD/ayaPSE7tQlv:sb3oQeYtBP4IffohOk/aR6E7t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3828	Unicorn-62732.exe
4080	Unicorn-18467.exe
3692	Unicorn-32342.exe
1348	Unicorn-34284.exe
3496	Unicorn-34838.exe
4972	Unicorn-54704.exe
2308	Unicorn-27084.exe
1408	Unicorn-57247.exe
876	Unicorn-62955.exe
4880	Unicorn-25452.exe
228	Unicorn-36635.exe
436	Unicorn-30504.exe
3172	Unicorn-49691.exe
4976	Unicorn-30090.exe
4704	Unicorn-36635.exe
2844	Unicorn-5690.exe
3808	Unicorn-63614.exe
2264	Unicorn-19287.exe
1588	Unicorn-27455.exe
4592	Unicorn-53028.exe
2776	Unicorn-53028.exe
4228	Unicorn-19514.exe
2168	Unicorn-65451.exe
3004	Unicorn-13649.exe
4948	Unicorn-10849.exe
372	Unicorn-65451.exe
2132	Unicorn-13841.exe
3508	Unicorn-49183.exe
2404	Unicorn-54891.exe
3520	Unicorn-17388.exe
4412	Unicorn-35762.exe
1296	Unicorn-54974.exe
2384	Unicorn-3665.exe
5072	Unicorn-17087.exe
464	Unicorn-52535.exe
4032	Unicorn-31368.exe
944	Unicorn-23754.exe
3468	Unicorn-10070.exe
3664	Unicorn-10070.exe
1184	Unicorn-43812.exe
1624	Unicorn-349.exe
4764	Unicorn-6479.exe
1948	Unicorn-18732.exe
3988	Unicorn-64403.exe
4756	Unicorn-11118.exe
5108	Unicorn-37106.exe
548	Unicorn-25253.exe
4456	Unicorn-42971.exe
3100	Unicorn-42474.exe
4744	Unicorn-51404.exe
2448	Unicorn-50454.exe
2924	Unicorn-30984.exe
628	Unicorn-42862.exe
4288	Unicorn-39.exe
3912	Unicorn-32773.exe
2632	Unicorn-52639.exe
4332	Unicorn-57278.exe
4816	Unicorn-26965.exe
1324	Unicorn-5476.exe
4524	Unicorn-7522.exe
4216	Unicorn-12099.exe
4504	Unicorn-14137.exe
2516	Unicorn-39619.exe
2188	Unicorn-43438.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1920	876	WerFault.exe	95
11792	11728	WerFault.exe	573

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26200.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5064	dwm.exe
Token: SeChangeNotifyPrivilege	5064	dwm.exe
Token: 33	5064	dwm.exe
Token: SeIncBasePriorityPrivilege	5064	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
3828	Unicorn-62732.exe
4080	Unicorn-18467.exe
3692	Unicorn-32342.exe
3496	Unicorn-34838.exe
1348	Unicorn-34284.exe
2308	Unicorn-27084.exe
4972	Unicorn-54704.exe
1408	Unicorn-57247.exe
876	Unicorn-62955.exe
4880	Unicorn-25452.exe
3172	Unicorn-49691.exe
436	Unicorn-30504.exe
4976	Unicorn-30090.exe
4704	Unicorn-36635.exe
228	Unicorn-36635.exe
2844	Unicorn-5690.exe
3808	Unicorn-63614.exe
2264	Unicorn-19287.exe
2776	Unicorn-53028.exe
1588	Unicorn-27455.exe
4592	Unicorn-53028.exe
4948	Unicorn-10849.exe
3004	Unicorn-13649.exe
2168	Unicorn-65451.exe
4228	Unicorn-19514.exe
372	Unicorn-65451.exe
2132	Unicorn-13841.exe
3508	Unicorn-49183.exe
2404	Unicorn-54891.exe
3520	Unicorn-17388.exe
1296	Unicorn-54974.exe
2384	Unicorn-3665.exe
5072	Unicorn-17087.exe
464	Unicorn-52535.exe
4032	Unicorn-31368.exe
944	Unicorn-23754.exe
3468	Unicorn-10070.exe
3664	Unicorn-10070.exe
1184	Unicorn-43812.exe
4764	Unicorn-6479.exe
1948	Unicorn-18732.exe
1624	Unicorn-349.exe
5108	Unicorn-37106.exe
3988	Unicorn-64403.exe
4756	Unicorn-11118.exe
3100	Unicorn-42474.exe
548	Unicorn-25253.exe
2448	Unicorn-50454.exe
4744	Unicorn-51404.exe
4456	Unicorn-42971.exe
2924	Unicorn-30984.exe
628	Unicorn-42862.exe
3912	Unicorn-32773.exe
4288	Unicorn-39.exe
2632	Unicorn-52639.exe
4332	Unicorn-57278.exe
4816	Unicorn-26965.exe
1324	Unicorn-5476.exe
4524	Unicorn-7522.exe
4504	Unicorn-14137.exe
4216	Unicorn-12099.exe
2188	Unicorn-43438.exe
2516	Unicorn-39619.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 3828	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	82
PID 4276 wrote to memory of 3828	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	82
PID 4276 wrote to memory of 3828	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	82
PID 3828 wrote to memory of 4080	3828	Unicorn-62732.exe	83
PID 3828 wrote to memory of 4080	3828	Unicorn-62732.exe	83
PID 3828 wrote to memory of 4080	3828	Unicorn-62732.exe	83
PID 4276 wrote to memory of 3692	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	84
PID 4276 wrote to memory of 3692	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	84
PID 4276 wrote to memory of 3692	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	84
PID 4080 wrote to memory of 1348	4080	Unicorn-18467.exe	89
PID 4080 wrote to memory of 1348	4080	Unicorn-18467.exe	89
PID 4080 wrote to memory of 1348	4080	Unicorn-18467.exe	89
PID 3692 wrote to memory of 4972	3692	Unicorn-32342.exe	91
PID 3692 wrote to memory of 4972	3692	Unicorn-32342.exe	91
PID 3692 wrote to memory of 4972	3692	Unicorn-32342.exe	91
PID 3828 wrote to memory of 3496	3828	Unicorn-62732.exe	90
PID 3828 wrote to memory of 3496	3828	Unicorn-62732.exe	90
PID 3828 wrote to memory of 3496	3828	Unicorn-62732.exe	90
PID 4276 wrote to memory of 2308	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	92
PID 4276 wrote to memory of 2308	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	92
PID 4276 wrote to memory of 2308	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	92
PID 1348 wrote to memory of 1408	1348	Unicorn-34284.exe	94
PID 1348 wrote to memory of 1408	1348	Unicorn-34284.exe	94
PID 1348 wrote to memory of 1408	1348	Unicorn-34284.exe	94
PID 4080 wrote to memory of 876	4080	Unicorn-18467.exe	95
PID 4080 wrote to memory of 876	4080	Unicorn-18467.exe	95
PID 4080 wrote to memory of 876	4080	Unicorn-18467.exe	95
PID 3496 wrote to memory of 4880	3496	Unicorn-34838.exe	96
PID 3496 wrote to memory of 4880	3496	Unicorn-34838.exe	96
PID 3496 wrote to memory of 4880	3496	Unicorn-34838.exe	96
PID 2308 wrote to memory of 228	2308	Unicorn-27084.exe	97
PID 2308 wrote to memory of 228	2308	Unicorn-27084.exe	97
PID 2308 wrote to memory of 228	2308	Unicorn-27084.exe	97
PID 4276 wrote to memory of 3172	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	100
PID 4276 wrote to memory of 3172	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	100
PID 4276 wrote to memory of 3172	4276	1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe	100
PID 3692 wrote to memory of 4976	3692	Unicorn-32342.exe	101
PID 3692 wrote to memory of 4976	3692	Unicorn-32342.exe	101
PID 3692 wrote to memory of 4976	3692	Unicorn-32342.exe	101
PID 3828 wrote to memory of 436	3828	Unicorn-62732.exe	99
PID 3828 wrote to memory of 436	3828	Unicorn-62732.exe	99
PID 3828 wrote to memory of 436	3828	Unicorn-62732.exe	99
PID 4972 wrote to memory of 4704	4972	Unicorn-54704.exe	98
PID 4972 wrote to memory of 4704	4972	Unicorn-54704.exe	98
PID 4972 wrote to memory of 4704	4972	Unicorn-54704.exe	98
PID 1408 wrote to memory of 2844	1408	Unicorn-57247.exe	107
PID 1408 wrote to memory of 2844	1408	Unicorn-57247.exe	107
PID 1408 wrote to memory of 2844	1408	Unicorn-57247.exe	107
PID 1348 wrote to memory of 3808	1348	Unicorn-34284.exe	108
PID 1348 wrote to memory of 3808	1348	Unicorn-34284.exe	108
PID 1348 wrote to memory of 3808	1348	Unicorn-34284.exe	108
PID 228 wrote to memory of 2264	228	Unicorn-36635.exe	109
PID 228 wrote to memory of 2264	228	Unicorn-36635.exe	109
PID 228 wrote to memory of 2264	228	Unicorn-36635.exe	109
PID 4704 wrote to memory of 1588	4704	Unicorn-36635.exe	110
PID 4704 wrote to memory of 1588	4704	Unicorn-36635.exe	110
PID 4704 wrote to memory of 1588	4704	Unicorn-36635.exe	110
PID 436 wrote to memory of 4592	436	Unicorn-30504.exe	111
PID 436 wrote to memory of 4592	436	Unicorn-30504.exe	111
PID 436 wrote to memory of 4592	436	Unicorn-30504.exe	111
PID 4880 wrote to memory of 2776	4880	Unicorn-25452.exe	112
PID 4880 wrote to memory of 2776	4880	Unicorn-25452.exe	112
PID 4880 wrote to memory of 2776	4880	Unicorn-25452.exe	112
PID 3828 wrote to memory of 4228	3828	Unicorn-62732.exe	113

C:\Users\Admin\AppData\Local\Temp\1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe
"C:\Users\Admin\AppData\Local\Temp\1205d4771bf05d9d27057cf651026cfe50138e0ee928800a29a0700e968fd646N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        10⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        11⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        11⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        11⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        10⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        10⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        10⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        9⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        10⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
        10⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        9⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        9⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28129.exe
        9⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        9⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        9⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        8⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        8⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        8⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        10⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        10⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        10⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6365.exe
        9⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4605.exe
        9⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        8⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        8⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        8⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
        7⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
        7⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        9⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        10⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65226.exe
        10⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        9⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        9⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        9⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        8⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        8⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
        8⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        8⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
        7⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
        7⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        9⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        9⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        7⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54834.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        7⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54404.exe
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        8⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        7⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        7⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        7⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        6⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        9⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        10⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        10⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
        9⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        9⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        8⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        8⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        8⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        7⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        7⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        7⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34088.exe
        9⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        9⤵
        
        PID:184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        7⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        7⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        5⤵
        Executes dropped EXE
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        6⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
        8⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        7⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        7⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        7⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        7⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57729.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        6⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        7⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        5⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
        6⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50700.exe
        5⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        5⤵
        
        PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 488
        5⤵
        Program crash
        
        PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        6⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        8⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27581.exe
        8⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        7⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        6⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        5⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        7⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
        5⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
        5⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        7⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31413.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        6⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        5⤵
        
        PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        6⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
        6⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
      4⤵
      PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
      4⤵
      PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
        7⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        9⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
        10⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        10⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        9⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
        9⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        8⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
        8⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27525.exe
        8⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        7⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        7⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        6⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        8⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        8⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        8⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        7⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11399.exe
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        7⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        7⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        6⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37174.exe
        7⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
        7⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        7⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3468.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        7⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4121.exe
        6⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        5⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        5⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        5⤵
        
        PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        7⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        7⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        6⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
        5⤵
        
        PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35447.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        6⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
        6⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe
        6⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32545.exe
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        5⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        5⤵
        
        PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        5⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        5⤵
        
        PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
      4⤵
      PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
      4⤵
      PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-719.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        8⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        9⤵
        
        PID:16956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        9⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        8⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1621.exe
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
        7⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        7⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        7⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        7⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
        8⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11728 -s 212
        9⤵
        Program crash
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        8⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        7⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        6⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        6⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57720.exe
        6⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        6⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        7⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        7⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        7⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        6⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26437.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
        6⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        6⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        5⤵
        
        PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
      4⤵
      PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25416.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        6⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        7⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13757.exe
        7⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
        5⤵
        
        PID:16096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        5⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        6⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        5⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
      4⤵
      PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
        5⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        5⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        5⤵
        
        PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
      4⤵
      PID:12972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
      4⤵
      PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
      4⤵
      PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        7⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
        6⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        6⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        5⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        5⤵
        
        PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
        5⤵
        
        PID:15612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
      4⤵
      PID:7440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
      4⤵
      PID:14140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45679.exe
        6⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        5⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        5⤵
        
        PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
      4⤵
      PID:8024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
      4⤵
      PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        5⤵
        
        PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
      4⤵
      PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65204.exe
    3⤵
    PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
      4⤵
      PID:11424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
      4⤵
      PID:15672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
    3⤵
    PID:9480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
    3⤵
    PID:12888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
    3⤵
    PID:5600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31939.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        9⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        10⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        10⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        9⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        9⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        8⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        8⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        8⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        7⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        9⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        8⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
        8⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        7⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        8⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
        8⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        7⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        7⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
        6⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
        6⤵
        
        PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        6⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        7⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
        7⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
        7⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        7⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
        6⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55166.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        5⤵
        
        PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
        6⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        8⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6476.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32954.exe
        7⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        7⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        7⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        6⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        7⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        7⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        6⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        6⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
        6⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        6⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52002.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        5⤵
        
        PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
        5⤵
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54295.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        8⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        8⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        6⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        6⤵
        
        PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        6⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        5⤵
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9333.exe
      4⤵
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34205.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
      4⤵
      PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
      4⤵
      PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
      4⤵
      PID:6528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
        8⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6468.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        7⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        7⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        7⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        6⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        6⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        5⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        5⤵
        
        PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        6⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        7⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        7⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        6⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        5⤵
        
        PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
      4⤵
      PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
      4⤵
      PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
      4⤵
      PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        7⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15773.exe
        7⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        6⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        7⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38055.exe
        6⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5057.exe
        6⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14589.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        5⤵
        
        PID:16964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
      4⤵
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
        7⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
        7⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36462.exe
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        5⤵
        
        PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
      4⤵
      PID:9436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32557.exe
      4⤵
      PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
      4⤵
      PID:5628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
      4⤵
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        6⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        5⤵
        
        PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
      4⤵
      PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
      4⤵
      PID:10040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
      4⤵
      PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
      4⤵
      PID:5308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
        5⤵
        
        PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
      4⤵
      PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
      4⤵
      PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
    3⤵
    PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40419.exe
      4⤵
      PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
      4⤵
      PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35960.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:15160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        9⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
        9⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        8⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        7⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        6⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        7⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        7⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        7⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
        6⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        7⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        7⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        6⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8137.exe
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        7⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        7⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        6⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64684.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1764.exe
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        5⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        5⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41947.exe
        6⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        6⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        5⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
        5⤵
        
        PID:16376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
      4⤵
      PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38000.exe
      4⤵
      PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        6⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30100.exe
        6⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        5⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        6⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        5⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
        5⤵
        
        PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        6⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        6⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        5⤵
        
        PID:15300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
      4⤵
      PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        5⤵
        
        PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
      4⤵
      PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34196.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
      4⤵
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        6⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
        5⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28242.exe
        5⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        5⤵
        
        PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
        5⤵
        
        PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
    3⤵
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49613.exe
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        5⤵
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
      4⤵
      PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
      4⤵
      PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
      4⤵
      PID:16908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
    3⤵
    PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14718.exe
      4⤵
      PID:4008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33733.exe
    3⤵
    PID:10932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
    3⤵
    PID:15148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        6⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        5⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        5⤵
        
        PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
      4⤵
      PID:15648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43158.exe
    3⤵
    PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6983.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        5⤵
        
        PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
      4⤵
      PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
      4⤵
      PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
      4⤵
      PID:5960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
    3⤵
    PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
      4⤵
      PID:12640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
      4⤵
      PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
      4⤵
      PID:5056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59307.exe
    3⤵
    PID:10972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
    3⤵
    PID:15240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
    3⤵
    PID:16908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
    3⤵
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
      4⤵
      PID:12940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
      4⤵
      PID:64
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
      4⤵
      PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
    3⤵
    PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
      4⤵
      PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
      4⤵
      PID:16680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
    3⤵
    PID:9504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
    3⤵
    PID:17112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
    3⤵
    PID:15892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        5⤵
        
        PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
      4⤵
      PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
      4⤵
      PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
      4⤵
      PID:6804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
    3⤵
    PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
      4⤵
      PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
      4⤵
      PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
      4⤵
      PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
    3⤵
    PID:9416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
    3⤵
    PID:12700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
    3⤵
    PID:16416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
  2⤵
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
    3⤵
    PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
      4⤵
      PID:9944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
      4⤵
      PID:14152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
    3⤵
    PID:10708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
    3⤵
    PID:15064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
    3⤵
    PID:3328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
  2⤵
  PID:7348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
  2⤵
  PID:10176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
  2⤵
  PID:14120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
  2⤵
  PID:1248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 876 -ip 876
1⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 11728 -ip 11728
1⤵
PID:12268

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe

Filesize
468KB

MD5
2eac070c6dff43d098f08d08fa1ad1a3

SHA1
ef3ee64c1a857f9237877b0a701396941de08ad7

SHA256
fec6e65de519e878aacbd685128c8538bdd40140c24f0a1750b31877ab532eb6

SHA512
0d3cea31bad3fa4f5d0725a7c1f27c884e7c1031891be9465935c0c7e3a5c1cea750826d93f24e3359b51ec7af21c7e13ddd4873e1ec2fb6c8226c91a2ff4909

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe

Filesize
468KB

MD5
6261883e0d17149f9d0f681266ac4c86

SHA1
e141aa2623413ab837f96b6dfc70ab8ac3989894

SHA256
79333702324ea03b549ee76c8c18d08f7c7ac44bd55523ad2a897e747665fb45

SHA512
d494a303f15d0dd4ed35a3c243d8a3b3ec399307d177c2c9ade37b785f0ff6933a8ba1f69e79060157407bb586a05ae8389303983b42e36d2f829ef23f7a7f16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe

Filesize
468KB

MD5
aacd146d447607c62a6505cf19888aec

SHA1
7c12571da0c3570842d09e63e0dd1c1c86892f12

SHA256
ce484e233260135d9d0914203f3f5db2423f42ff71c0a8651c0ef8ef13bde21f

SHA512
471dd9aa074d107fab365d78c115cc29be82bb830e22471864f10c7fabc2686436e08d94bdbbb1c9859f3f52ce9a1dde060b99a796ca648b4e2201c4c6c0ff4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe

Filesize
468KB

MD5
be559056c5ffdc54bcaa10f26e6a0117

SHA1
9fced0c9d368b6bc53da8e7c0190eedc8ac5cebc

SHA256
c0dba2352513f6472181e7728534ad0075e564250e693e6446ea2865a754e70e

SHA512
ca253d6b53337660aed57f1856f86c5cc7bc4a4da9103d1c4adc7ef287abb4f82aed1f50a9e0aa39db4f805e957eeff0433bc4295780ab919381ddd62665a4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe

Filesize
468KB

MD5
e9e4a6368cde02cffc2159df007a68a5

SHA1
3347aa847988f9cd46d7bae47fb6549e31e81c66

SHA256
53bc915fdfc9e012ec59187b4dafe94a32a787e63e4bd7a48eae15b7429db4c1

SHA512
1602b8c53d6a42d5451500d6cabab5dabc978367fe0cba8571a44e40df559244cd08031e0967a0e52a665718c5eda100d3a4df51d3f554f85637082b22160941

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe

Filesize
468KB

MD5
ebd202aa91ff22027ce30c473fab193b

SHA1
38674ce46edb55d9594638437f5a5392200c11b5

SHA256
81bc7c50772a92884531d1c7f94afcc8526cbe12be1c08fb1015ad7d853dc22b

SHA512
83d729780f1b73c8520504d081b46a35fa28f30f41c4397ceacd44bf1865fb8a274cf057c5e088cc7db8a34cc8aff1a17660f79971b52cb26d86c18c329b8fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe

Filesize
468KB

MD5
9304df73c4ff2429e1b7147d3cd34edc

SHA1
1d3a3d34fef58bf7477b55586cc28354f29c17bf

SHA256
4526ce1563017a23d0b32e4503d4d2c3b181ef3a262977c605e259ef752e850f

SHA512
4123dcc2abf02fa52de98be08d11a16d9aa691880d7f2aad726b57deacaafbffe97e2456666e6e532ff1de690c37ee3a7ee3b4736f76294647ce13c650cb8ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe

Filesize
468KB

MD5
f1d0985d57a9bb39d4e3ff27aebc803f

SHA1
134f1d064e0dbfdca59b1acce6f1c94146ff36c2

SHA256
d9818c2c7b9eb1d2f494233d35d8740863bb8c0f33fe1b5284e9eeef79b45c27

SHA512
6720aed57608fe9b078b77425842f368605bc6e8d2064f93dc78445fc091c52dff2cbc92a66528758625aea0aec783878410808c4bad06a08396e7cbdaf2f477

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe

Filesize
468KB

MD5
9e4c3a508387fe6714b3e55fb255c1ed

SHA1
f73c7e4e04f063e4119317e4a8531fc01c8b25f2

SHA256
269a04477ed6f5c58114712d4bae8372cca2834cdda3e09b2bd8696e77003304

SHA512
1191be1ce4006a21246abc3425bfe94e98cf21d0256190edd8504f3aedbad0f10d22a24667718671b66997d97c74967ce7347ad0548cac302349b1ae58b722a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe

Filesize
468KB

MD5
0000c0bdfbcd0caa45c00e4aaec0ef5e

SHA1
aba35526a2ed6f702b10827c6e544a230313aca9

SHA256
55088a81943007f75e914df33ed5322a57e7dc5a27caaaee172ff9bc62c2a616

SHA512
ef610b1c744442855eb8fa8e02dbc5515090c08363fbff2ae861a02c3904b805e9add3c1e19f1cbb746cf81d7e86061df5b9941498a2b5f4d7bd4f53b3191221

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe

Filesize
468KB

MD5
23356982af8e0548f44c84dd5ccfe62c

SHA1
dc419442d04cc57c0a6d5a8209c6abde0845de24

SHA256
95cf5736c8b78126a86f11a121803ac595608b334c91c1c1220277981cc52265

SHA512
2f4828cbc6f574ed5669f5e43d7968d3f9df3978e027158bcac87e9bf7dc5fd3cb0f861231837dcef381419c99512d588aedb01e64cb8ce677b9d18c481c847e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe

Filesize
468KB

MD5
3672187846c91e78a22ef22060159822

SHA1
708322f5ea76ebc0b7f1497bb00ae9398a6db706

SHA256
27876ddac163f7836f3b58d066dbd66bea7896aa82ea47ea387ec4b65a83466a

SHA512
e97afb48437a3dfd08bc0855d3737f0453f0034f95d81a93bdefa6e1b90f7cde486b11560e17675d1dc7fbb5ee2d06e0a4cb98d1cb29a5d0ffb14d46184dbf89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe

Filesize
468KB

MD5
0a3fb7395fb331bf18c7f04ed79c0d44

SHA1
2e2948af2b010d6734095852b45eeb12ca55589a

SHA256
13dd2973d635d5a82c4b9d5cbccbb218f4d10e299ecd27999e19106bc05e8baf

SHA512
2eb54ec712262f5654792bada4ea60286d19e691aba6515d66637c4fd0d4cbb32faf1232cf8e82c81461c25dff1d32429f72616569becefed9cbab3bbaf3e7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe

Filesize
468KB

MD5
8a3ccf239107b92f5a575f462528655f

SHA1
2f3732c05697fcda1a1ab33fa91f2cca6794a278

SHA256
7aca1d6cbd33f08b2ddd6e7c05d979d27e29f00020e74d48c92d7e1afcc9a120

SHA512
f0348f1321f22ed07b25a5ada7a1cc308615655ae88404dbe08e4d759cd30a282d38f7cdd5a579b7c01621bc6ff3ed4794732c01d33c6665eea49db817a8fa0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe

Filesize
468KB

MD5
7e6460488eeae6526232b4817fe9fd7f

SHA1
33d32178cf1bf45e2024897dbeb70199311bf10d

SHA256
0a41e63047aee494cf4b63bc75eada76eeb1a5a4efe0eb2b45ba8e3e5731a0bc

SHA512
269222d98671684829d5fb9f8d023c9f5c4bee9481bbb0d3c121d23e7046b7ae7a7c91ab88f433d5d7a1f444f9eff2fc20bab9693caf74c5a1473432e161db1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe

Filesize
468KB

MD5
951d9ed104693af086eac4cca7c34def

SHA1
5bce234d6ea6b1f76f1a160960ed18e858f9e5c1

SHA256
9e8dc1e4536415811132b0447b1d7041d1f5b0fc8c44a65630f34a66776aa48f

SHA512
0aa5bcd90a02ec2023a72db15648bc26959e764077d0fbab0bfc4736cc6af0b26d6bb18a24d711524e6b783a630a861d50dab01d6540a9e05a52322471f4c659

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe

Filesize
468KB

MD5
9f6b927b274d4dcd720c64baf2e1161d

SHA1
6341d2f4d8f4aa05512e23d5e9a5ceb6271cf7b5

SHA256
ddc2714a2ae4fcdc05c957646f8a93818df9e8c81159f81f7a159189a9520b9e

SHA512
16b33d09b094dcfde4d5d75d3f752fc1f27634703ff8f59e29e16b947f6f714f573d495596d1a12999fa814c30ccece092314cc347c4f29d469d6130dec6ceb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe

Filesize
468KB

MD5
02a55db05f4077853695c3cc857c15d8

SHA1
046e47813609f05e8ed0f0758c1e93ef495d15b1

SHA256
635876d3dc2737da3a48cead1f3d1d69501d9050127d9363c8b39e771f53bead

SHA512
a3be3f51ec3b0139732196fa3ae76b0f61787dc4a05dd1222508e236b5a89714c23366ddbd9218deffa46fa237c1bd9f2d23ed443ceab8ff5fbc977976ccabde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe

Filesize
468KB

MD5
59a6866e9b19f0c0cfbc19a221d9fcee

SHA1
8db6ee3fb5ca0588067ef65e56fb98bf7764864b

SHA256
d750f763f8cd2d3107e4d85c99d6909ef190dc74371dcb4c89c5fd964d7979df

SHA512
0ab844ea20bf1f615c3bc004d2126a7be13a496763023f886e9829a33979575199918be0977fb164096a696bf5e6b1e200113f3e9bd7dfc53269f8e9345e6dd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe

Filesize
468KB

MD5
8105e97c7e38b4e578d5ba225c5f5f06

SHA1
e8be69a154bf84edd9d2ed5c6ad994041b41abc4

SHA256
c4aa7e198885c89b6223d98a76115c8aab4449a94340df137c313e005fabc897

SHA512
bea7aa8ab470506e407345d5dac8f0ddae856976c99ab4434ac6e619418081523b5cf4350ac7046f79d52cd53bf893ea38dc37e55907456c750e2f1c11c24b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe

Filesize
468KB

MD5
df27139c7823b0846d5409b1777c476a

SHA1
c99fff61b9cee40029124daa678e63a7c82cb196

SHA256
dbbe1187d738b53ee1e2c77c6b0be1b603a892512d18469af09322f5368e84d4

SHA512
96cc9050a59773f8e719d8892d990b5b3a5bb8aa8dea71939d00f4efc1e5f9f60e22e1b57ed61e04b8d8e9b46361570977c1acc7c439746d7fc0bc7b60ce37ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe

Filesize
468KB

MD5
c206df1e3898fee98fec6bb9897a0261

SHA1
90b83277604bb4ab024dc934fe5621ab18aa2e7c

SHA256
c6f364ebecb91f4e375044e2f1d3424a48f3fa679ef0f4ad7ecd8744f0926ce6

SHA512
6e91f9194ca58a1082d493ff84fe9e1f8349acd4e783d3d6ed741e389a6886cd8dcf558a63055803dfe9970650ed2267ab65fbc00b9d837e344543575cd2af98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe

Filesize
468KB

MD5
943181eafddd9cc8408efb9a7343817a

SHA1
6e564a856c6fe190138913aa5bbb997948b3d6f3

SHA256
f9b0e22b109518e7a3afdf4eb38eb3dfe5c72408899a69db5fa8c1fe1f1e48bb

SHA512
b2d2ea0f5e0f92eebfcce2f84c7931349956a2fc61323e941b80ebea5da5150569e2936dff455896f331b239808119a4fad845a7ee7290c8f8eded0d15f7d395

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe

Filesize
468KB

MD5
bfca86c127ad3a6b8dced67a37cb0897

SHA1
91db2f680208f850facbe6b79eb4108bc30f827d

SHA256
08ec8e23ccc4e4ef16737859408975d279fb1d747abe7ffda0608683ed9ddf75

SHA512
3c54bf60685173291e1b999e3763acdb1e29351583fd63bbd2c605e9ae7a9d2b0f7f3c9dec01953ddd9d8e18aa84addaa7c0e74859849271b7209a6f8109b837

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe

Filesize
468KB

MD5
620038a9850bafaddbbd63024655ea80

SHA1
42d4b160a8c411a59e7614c63dab7c86fb2d1d7e

SHA256
c29c3c636eb748a719400a30beb5802e218dfb162c75eb0aec6dc5192de35aab

SHA512
18504af43ed3345a944684ccada6b4934e66473b43047f07049761f51b0840050551ea678aa224cbad920658883c01e69ca390ad311183d96fd8126478538374

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe

Filesize
468KB

MD5
af5c66aa04aa1d2543bc8539bd52d936

SHA1
c0ccc2d514fe551df08b61b600534114abcd35ad

SHA256
1611e5266d817bc782676887fbd56d1747c16e5c682cab39847281b7219a24ff

SHA512
750b2f9983cd6fb9a231790caa6325717d27d25c27ca684a2d6d096c99fb9a7215bbc7e8164cfd9a7cb84f7e3a942e1e7649edacb881b163483ce7023c0daf91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe

Filesize
468KB

MD5
d8616536aefe400c1e83439b81ac4e23

SHA1
89493c1a508ab5deb35d21c0ef4e69d65b5601f3

SHA256
0dda1476f4951522112a9c3e5b18504991b9792c935ae55c690b7a96c2510ae2

SHA512
5f0b9b48d251ffb2c155d59e9236c7d46178899948a2fff9eb27163bcfbfa71b083263cfbf315ec37f5e7a5502877e66e3c8f0add8ba7f78ac434c60ffe3c5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe

Filesize
468KB

MD5
16e59c652d1d7a47994163c17104fdf5

SHA1
2a61477761f73536ceecdeafa4c440f9cd1a5afc

SHA256
5d516a00ad5d6578947d2833615e17cee7dfde9bdf1e4571d848a0ed5d1d1e70

SHA512
872afdca8ea3e43d1512eaef31ba7f2f17c14cf4ed323e4c65d8c2fb1035e2fb74a09ede6e4ef864f1153dc5af100d9684a7c3ccb2011c47dcde08393e4a5b66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe

Filesize
468KB

MD5
597dfd06580098e1d4e96cbb9d82aaf2

SHA1
faa99f591250d0147974b6205cc3f9b1468ddb22

SHA256
5483435e235d983f0cf3dc45666fc0265dd6cdf525846437e4f6dbfe6ae5863a

SHA512
6f8ca160614726f0950789ea7f4be9e624ac0bfdbb04a88be48267ef0e285b87fa77e901f5238191e9366c072a1739f2ed3982b34c00a8dd45a1a562b7dc31df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe

Filesize
468KB

MD5
a049f995b9fcabae12a6c813212a60a7

SHA1
57d110a35a10af8c954597e746f4ba8f98916e65

SHA256
88bcddea4f78b97a7f2992beba694d7ac1c45f87155f1d24e10160383768d1e8

SHA512
2f3b75c80d5b47583136ec08a14d4fc7ca3e3a7a1d48ee6dfd2c4d9a6a36eb61143f46548fe2f29bae5aa6d3c2816fda436941ca82b3f4e72fb55397ac921b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe

Filesize
468KB

MD5
75174752c6088c7354b70f9e3dc8bbaf

SHA1
33fdc9a8753e44903592b06a0dcf72e70483ba2a

SHA256
ed05dee6b2196e7673a05631431da73cbe0421f06e75fefd16a97a053faddc93

SHA512
23d123b6aea73a41bf04b159c28cf3bf5857d6a43270f3cada4d2eca2cff0d0609053f72ab7b1ec5ebf6b00491d579aeb64df35d729439eef839aea479db3748

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe

Filesize
468KB

MD5
135f0a690922ae402232aad2093faa27

SHA1
734fe5ed29a94456ad6ad36ef6b18f4b09f6cf2e

SHA256
da14d2ceba221cf7c0b6c0c01a19e9df03ac1dca2f1b8313f545f605d491b2b1

SHA512
04870b3672d5b5193084ef32f84a20b396ddb2ebddccc68244239bfc72374deaeeb8baa091829390b2fb8da30350eb69159ff3d4532839548e475c2f2a82ec46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe

Filesize
468KB

MD5
f44771d6ef86e366b6a4baace22553a2

SHA1
2648b5d26df35d94d044040322343144e2605f49

SHA256
2bb58266a5eaea8ce0b4c286a4099695ae7e3a9af1a456fd09af6bc19c8e745d

SHA512
c9e7a128923a304a198f09db519eec33aefc319fc5f8d54af057fd07d64ef93ceaa2e95d2b27b177a0e5c442bef070b4f103937d818d4471bf2c33fa34f20c47

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads