dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8

Analysis

max time kernel
120s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe
Size

468KB
MD5

56bc765f2181203e21ce1a5193199d00
SHA1

a57d6482d0f684ff742a3da8929dd53dfd71f4f5
SHA256

dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8
SHA512

eb0dab04c7d4607f7ec4e1acc4d94ddffe98f6bef83f382ddd190ee9d3c4e342a19efbe9da4d53738e93bd5220a06a98f5fac3dd79662d1e76ef6b19c880b61e
SSDEEP

3072:WAoCog4djx8U2bY9Pz5t8f5EChjWIpBMmHevVpNFWAC3FHk0Ddl7:WANoryU2KP1t8fs08lFWAwRk0D

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4696	Unicorn-6921.exe
1016	Unicorn-31722.exe
4800	Unicorn-61633.exe
1872	Unicorn-10009.exe
2620	Unicorn-34514.exe
2312	Unicorn-28383.exe
3008	Unicorn-14648.exe
1320	Unicorn-18474.exe
3560	Unicorn-50881.exe
768	Unicorn-34618.exe
2928	Unicorn-18282.exe
1948	Unicorn-63953.exe
4220	Unicorn-61426.exe
4616	Unicorn-528.exe
788	Unicorn-14263.exe
696	Unicorn-54405.exe
4072	Unicorn-60113.exe
2536	Unicorn-5511.exe
4832	Unicorn-14441.exe
1964	Unicorn-21650.exe
3524	Unicorn-7351.exe
388	Unicorn-29626.exe
3868	Unicorn-29626.exe
2380	Unicorn-21458.exe
3720	Unicorn-13289.exe
2116	Unicorn-58961.exe
4776	Unicorn-56936.exe
1620	Unicorn-43200.exe
4716	Unicorn-38105.exe
5052	Unicorn-13289.exe
3140	Unicorn-49256.exe
712	Unicorn-58074.exe
2284	Unicorn-51752.exe
4576	Unicorn-8681.exe
2040	Unicorn-38592.exe
2488	Unicorn-58266.exe
4384	Unicorn-9065.exe
1028	Unicorn-54737.exe
4244	Unicorn-52729.exe
2580	Unicorn-28032.exe
4264	Unicorn-17071.exe
4988	Unicorn-64234.exe
4992	Unicorn-48474.exe
4900	Unicorn-32138.exe
4984	Unicorn-32138.exe
4596	Unicorn-64810.exe
1540	Unicorn-39352.exe
5064	Unicorn-31946.exe
3716	Unicorn-31946.exe
1136	Unicorn-7249.exe
2344	Unicorn-52921.exe
3792	Unicorn-64618.exe
2392	Unicorn-44753.exe
3708	Unicorn-58488.exe
1148	Unicorn-27456.exe
1632	Unicorn-47057.exe
3572	Unicorn-11120.exe
2424	Unicorn-62697.exe
1924	Unicorn-6024.exe
1480	Unicorn-8401.exe
3900	Unicorn-8136.exe
1864	Unicorn-47057.exe
2600	Unicorn-47057.exe
1916	Unicorn-1385.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7592	5868	WerFault.exe	216

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3911.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15496	dwm.exe
Token: SeChangeNotifyPrivilege	15496	dwm.exe
Token: 33	15496	dwm.exe
Token: SeIncBasePriorityPrivilege	15496	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe
4696	Unicorn-6921.exe
4800	Unicorn-61633.exe
1016	Unicorn-31722.exe
2312	Unicorn-28383.exe
2620	Unicorn-34514.exe
1872	Unicorn-10009.exe
3008	Unicorn-14648.exe
768	Unicorn-34618.exe
2928	Unicorn-18282.exe
1320	Unicorn-18474.exe
3560	Unicorn-50881.exe
1948	Unicorn-63953.exe
4220	Unicorn-61426.exe
788	Unicorn-14263.exe
4616	Unicorn-528.exe
4072	Unicorn-60113.exe
696	Unicorn-54405.exe
2536	Unicorn-5511.exe
1620	Unicorn-43200.exe
4832	Unicorn-14441.exe
2380	Unicorn-21458.exe
4716	Unicorn-38105.exe
5052	Unicorn-13289.exe
1964	Unicorn-21650.exe
388	Unicorn-29626.exe
2116	Unicorn-58961.exe
3524	Unicorn-7351.exe
4776	Unicorn-56936.exe
3720	Unicorn-13289.exe
3868	Unicorn-29626.exe
3140	Unicorn-49256.exe
712	Unicorn-58074.exe
2284	Unicorn-51752.exe
4576	Unicorn-8681.exe
2040	Unicorn-38592.exe
2488	Unicorn-58266.exe
4384	Unicorn-9065.exe
1028	Unicorn-54737.exe
4244	Unicorn-52729.exe
2580	Unicorn-28032.exe
4264	Unicorn-17071.exe
4988	Unicorn-64234.exe
1540	Unicorn-39352.exe
4596	Unicorn-64810.exe
4984	Unicorn-32138.exe
4992	Unicorn-48474.exe
4900	Unicorn-32138.exe
3572	Unicorn-11120.exe
1924	Unicorn-6024.exe
1632	Unicorn-47057.exe
1148	Unicorn-27456.exe
2424	Unicorn-62697.exe
2392	Unicorn-44753.exe
3708	Unicorn-58488.exe
5064	Unicorn-31946.exe
3716	Unicorn-31946.exe
2344	Unicorn-52921.exe
1136	Unicorn-7249.exe
3900	Unicorn-8136.exe
1480	Unicorn-8401.exe
3792	Unicorn-64618.exe
1864	Unicorn-47057.exe
1916	Unicorn-1385.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 4696	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	89
PID 2244 wrote to memory of 4696	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	89
PID 2244 wrote to memory of 4696	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	89
PID 4696 wrote to memory of 1016	4696	Unicorn-6921.exe	95
PID 4696 wrote to memory of 1016	4696	Unicorn-6921.exe	95
PID 4696 wrote to memory of 1016	4696	Unicorn-6921.exe	95
PID 2244 wrote to memory of 4800	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	96
PID 2244 wrote to memory of 4800	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	96
PID 2244 wrote to memory of 4800	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	96
PID 4800 wrote to memory of 1872	4800	Unicorn-61633.exe	98
PID 4800 wrote to memory of 1872	4800	Unicorn-61633.exe	98
PID 4800 wrote to memory of 1872	4800	Unicorn-61633.exe	98
PID 1016 wrote to memory of 2620	1016	Unicorn-31722.exe	99
PID 1016 wrote to memory of 2620	1016	Unicorn-31722.exe	99
PID 1016 wrote to memory of 2620	1016	Unicorn-31722.exe	99
PID 2244 wrote to memory of 2312	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	100
PID 2244 wrote to memory of 2312	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	100
PID 2244 wrote to memory of 2312	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	100
PID 4696 wrote to memory of 3008	4696	Unicorn-6921.exe	101
PID 4696 wrote to memory of 3008	4696	Unicorn-6921.exe	101
PID 4696 wrote to memory of 3008	4696	Unicorn-6921.exe	101
PID 2312 wrote to memory of 1320	2312	Unicorn-28383.exe	104
PID 2312 wrote to memory of 1320	2312	Unicorn-28383.exe	104
PID 2312 wrote to memory of 1320	2312	Unicorn-28383.exe	104
PID 2244 wrote to memory of 3560	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	105
PID 2244 wrote to memory of 3560	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	105
PID 2244 wrote to memory of 3560	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	105
PID 2620 wrote to memory of 768	2620	Unicorn-34514.exe	106
PID 2620 wrote to memory of 768	2620	Unicorn-34514.exe	106
PID 2620 wrote to memory of 768	2620	Unicorn-34514.exe	106
PID 3008 wrote to memory of 2928	3008	Unicorn-14648.exe	107
PID 3008 wrote to memory of 2928	3008	Unicorn-14648.exe	107
PID 3008 wrote to memory of 2928	3008	Unicorn-14648.exe	107
PID 1016 wrote to memory of 1948	1016	Unicorn-31722.exe	108
PID 1016 wrote to memory of 1948	1016	Unicorn-31722.exe	108
PID 1016 wrote to memory of 1948	1016	Unicorn-31722.exe	108
PID 1872 wrote to memory of 4220	1872	Unicorn-10009.exe	109
PID 1872 wrote to memory of 4220	1872	Unicorn-10009.exe	109
PID 1872 wrote to memory of 4220	1872	Unicorn-10009.exe	109
PID 4800 wrote to memory of 4616	4800	Unicorn-61633.exe	110
PID 4800 wrote to memory of 4616	4800	Unicorn-61633.exe	110
PID 4800 wrote to memory of 4616	4800	Unicorn-61633.exe	110
PID 4696 wrote to memory of 788	4696	Unicorn-6921.exe	111
PID 4696 wrote to memory of 788	4696	Unicorn-6921.exe	111
PID 4696 wrote to memory of 788	4696	Unicorn-6921.exe	111
PID 2928 wrote to memory of 696	2928	Unicorn-18282.exe	112
PID 2928 wrote to memory of 696	2928	Unicorn-18282.exe	112
PID 2928 wrote to memory of 696	2928	Unicorn-18282.exe	112
PID 3008 wrote to memory of 4072	3008	Unicorn-14648.exe	113
PID 3008 wrote to memory of 4072	3008	Unicorn-14648.exe	113
PID 3008 wrote to memory of 4072	3008	Unicorn-14648.exe	113
PID 2244 wrote to memory of 2536	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	114
PID 2244 wrote to memory of 2536	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	114
PID 2244 wrote to memory of 2536	2244	dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe	114
PID 3560 wrote to memory of 4832	3560	Unicorn-50881.exe	115
PID 3560 wrote to memory of 4832	3560	Unicorn-50881.exe	115
PID 3560 wrote to memory of 4832	3560	Unicorn-50881.exe	115
PID 1948 wrote to memory of 1964	1948	Unicorn-63953.exe	116
PID 1948 wrote to memory of 1964	1948	Unicorn-63953.exe	116
PID 1948 wrote to memory of 1964	1948	Unicorn-63953.exe	116
PID 1016 wrote to memory of 3524	1016	Unicorn-31722.exe	117
PID 1016 wrote to memory of 3524	1016	Unicorn-31722.exe	117
PID 1016 wrote to memory of 3524	1016	Unicorn-31722.exe	117
PID 4220 wrote to memory of 388	4220	Unicorn-61426.exe	118

C:\Users\Admin\AppData\Local\Temp\dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe
"C:\Users\Admin\AppData\Local\Temp\dccdd1091320c896bbeb888e8224138399e1310cfa8b6f441a386a17f8c6ffd8N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34514.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        8⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        9⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        8⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        8⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        8⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26387.exe
        9⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        8⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        8⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        8⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
        7⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
        7⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        8⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        8⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        7⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        7⤵
        
        PID:18216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        8⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
        7⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        7⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        6⤵
        Executes dropped EXE
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        8⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
        7⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        8⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        8⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
        7⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        7⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        6⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        8⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        8⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        8⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        7⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        7⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38691.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        7⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        6⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
        7⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        5⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        9⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        9⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2279.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        8⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        8⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        7⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        7⤵
        
        PID:18152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        6⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 632
        7⤵
        Program crash
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        6⤵
        
        PID:17900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        7⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
        7⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24096.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        6⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        6⤵
        
        PID:11860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        6⤵
        
        PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        5⤵
        
        PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        8⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        8⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
        7⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        7⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        7⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58291.exe
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
        6⤵
        
        PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        5⤵
        
        PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
        7⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        5⤵
        
        PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37239.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        5⤵
        
        PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
      4⤵
      PID:452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58266.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        9⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
        10⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        10⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        10⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
        9⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        9⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20366.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        8⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        9⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        9⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22974.exe
        9⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        8⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
        7⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        9⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        8⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
        8⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        8⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        9⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        8⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
        7⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        7⤵
        
        PID:180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        7⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        7⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        8⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        8⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        8⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        8⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26016.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
        7⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        7⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28727.exe
        6⤵
        
        PID:18304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        7⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        7⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        6⤵
        
        PID:18192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27265.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        9⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        9⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        9⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33697.exe
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12974.exe
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        8⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        8⤵
        
        PID:18264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        7⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        7⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        5⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63082.exe
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        8⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
        8⤵
        
        PID:16668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        7⤵
        
        PID:18096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        7⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        6⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
        6⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        5⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        5⤵
        
        PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39235.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
        7⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
        6⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
        6⤵
        
        PID:17712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        5⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        5⤵
        
        PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        6⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27808.exe
      4⤵
      PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        5⤵
        
        PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
      4⤵
      PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
      4⤵
      PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
      4⤵
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43866.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        8⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        8⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        8⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        7⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1816.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
        7⤵
        
        PID:16476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        7⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        7⤵
        
        PID:17744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        5⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45203.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        6⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        6⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        5⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27507.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        7⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        7⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        6⤵
        
        PID:17784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        6⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        6⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        5⤵
        
        PID:16600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45146.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        5⤵
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
      4⤵
      PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
      4⤵
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
      4⤵
      PID:1092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        6⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41088.exe
        5⤵
        
        PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
      4⤵
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
      4⤵
      PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
      4⤵
      PID:15408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        5⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        5⤵
        
        PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
      4⤵
      PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
    3⤵
    PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
      4⤵
      PID:16580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
    3⤵
    PID:9468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
    3⤵
    PID:13756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
    3⤵
    PID:17136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
        9⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
        10⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        9⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        9⤵
        
        PID:17852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        8⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
        7⤵
        
        PID:17652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        8⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11425.exe
        8⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        8⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        7⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        6⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        8⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
        8⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        8⤵
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        7⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
        6⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        7⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        6⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        6⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        5⤵
        
        PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        9⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
        9⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        7⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        7⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
        6⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exe
        7⤵
        
        PID:17724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        6⤵
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        7⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        6⤵
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        6⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
        5⤵
        
        PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        7⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43801.exe
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        5⤵
        
        PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        6⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        5⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
      4⤵
      PID:10520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
      4⤵
      PID:2368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
        7⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        8⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        7⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        7⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        6⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        7⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5840.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
        6⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
        7⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        6⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        5⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        5⤵
        
        PID:18208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        5⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46170.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        7⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        7⤵
        
        PID:18248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        7⤵
        
        PID:17868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        6⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19390.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44699.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        6⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
        5⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        5⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61704.exe
        5⤵
        
        PID:16616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
      4⤵
      PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        5⤵
        
        PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
      4⤵
      PID:13040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
      4⤵
      PID:16456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        5⤵
        
        PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        6⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        5⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
      4⤵
      PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
      4⤵
      PID:15880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
      4⤵
      PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47671.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        5⤵
        
        PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55321.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25658.exe
      4⤵
      PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:18160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
    3⤵
    PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
      4⤵
      PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18529.exe
      4⤵
      PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
      4⤵
      PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
    3⤵
    PID:11412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        8⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        8⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
        8⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29384.exe
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        7⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        7⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
        7⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        6⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        5⤵
        
        PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43290.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        6⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        6⤵
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61106.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        5⤵
        
        PID:17180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        6⤵
        
        PID:17612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9576.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        5⤵
        
        PID:17860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4560.exe
      4⤵
      PID:16632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64234.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        7⤵
        
        PID:18232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23520.exe
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
        6⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        6⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        5⤵
        
        PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        5⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
        6⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        5⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        5⤵
        
        PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
      4⤵
      PID:11788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
      4⤵
      PID:15576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        6⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        5⤵
        
        PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
      4⤵
      PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        5⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41616.exe
        5⤵
        
        PID:17516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
      4⤵
      PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55919.exe
      4⤵
      PID:17268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1097.exe
    3⤵
    PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
      4⤵
      PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        5⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        5⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        5⤵
        
        PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
      4⤵
      PID:13204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
      4⤵
      PID:6488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
    3⤵
    PID:11600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
    3⤵
    PID:15864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        7⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        6⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        5⤵
        
        PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52248.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
      4⤵
      PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
      4⤵
      PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
      4⤵
      PID:17124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53592.exe
        7⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2753.exe
        5⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        5⤵
        
        PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        5⤵
        
        PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
      4⤵
      PID:15836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
    3⤵
    PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        5⤵
        
        PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
      4⤵
      PID:12600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
    3⤵
    PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
      4⤵
      PID:15716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
    3⤵
    PID:7416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
    3⤵
    PID:13028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        6⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12585.exe
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        5⤵
        
        PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
      4⤵
      PID:17640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
    3⤵
    PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17257.exe
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        5⤵
        
        PID:17776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
      4⤵
      PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
      4⤵
      PID:17220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
    3⤵
    PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
      4⤵
      PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
      4⤵
      PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
    3⤵
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
    3⤵
    PID:11280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
    3⤵
    PID:17192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
    3⤵
    PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
      4⤵
      PID:11796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
      4⤵
      PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
    3⤵
    PID:9136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
    3⤵
    PID:11736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
    3⤵
    PID:6836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
  2⤵
  PID:6268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
    3⤵
    PID:9048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
  2⤵
  PID:6492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
  2⤵
  PID:12496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
  2⤵
  PID:16496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4508,i,16315016104747277319,5510969007830467313,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:8
1⤵
PID:2264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5868 -ip 5868
1⤵
PID:7452

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2972 -ip 2972
1⤵
PID:16736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe

Filesize
468KB

MD5
718bc6a8a5bc7c4acb419ac67e7e45b0

SHA1
863f141f42c4f92a66341a2abd668858743eaca8

SHA256
bc415611f8acb67d11b9e42f7f08e476a2b1fa9d29ba5ad4bc0caaaac7f6026f

SHA512
6a2dac02fa45aef24d99c3fe9bf4b6f5248d2b1b6fb537992ccadbf6ad5071276de0225719fdfbb92654b4ce23baaf76cf8c1d5478d5d5f2a831349fa0ddcdb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe

Filesize
468KB

MD5
8a54ae720f72b1426d63f395fcaa0384

SHA1
b2c2b9cef762c2da19cf4d718beb8571783e7d2a

SHA256
81fe01c1e40498bea018e053d5089a1cda8729f78b13945f8e7607d44e9a02bf

SHA512
7b23c6829ef346fcd03a60441177f6d9f55e627d8e32d834a06e04283bd4fec3f02f4798b3eed3e286fa0eec2b1940b7312e7fbfd84c0e3f441c578ea030303e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe

Filesize
468KB

MD5
40840ff7b1d786a1e5eda88487a7112d

SHA1
70095be40b225dd1763c4c3eee0023fa9d04a09e

SHA256
b616d868fca4162ce90e8d6fa7588513b71b8440cd7ced60894d3d2d034fae04

SHA512
a2d906d57ba1791bf5689406a39c1969bb2e11c346184cdf2344e30080f0b0c5cbc7da715359612ad47490ab6787df28d007066f4013e18f8529b55dc11bb0ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe

Filesize
468KB

MD5
c606f65a9c0c84724a813df1d8b722a3

SHA1
e0e12d41c2610192935272cd61dc1697d33876a6

SHA256
3bf0601a130887c3fda77860c3e08a29a3823f5ab4b094c6e515183f1912e502

SHA512
0ed6d3aa089a249fe273d33bfee35ad3d012304e998d94b6ca4cf24c59d0098cc5fd93de1e02d9c7516dddf3760a34fda2b8d38684ea22b1c68af26ef6bbb682

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe

Filesize
468KB

MD5
ec7e1f226067e3b8ac3120225f6f697c

SHA1
46e80e03dc5647f769a930b32fc3dad03db6be44

SHA256
abf79d48aba4a5b48ffa6774b40e71f8d3efef2af8601051b50a8a8dfe32c7f7

SHA512
29b2c45cd518a79c1d119d5ca9fc56e08d2c05c76029ce745f8d5fba1f4e12e828c5250973592aa2e309b6d09f65d1ad12e4c7a076b1b671b0d40eadfc8aba9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe

Filesize
468KB

MD5
1f6fe68345b63962c86d48fde73d4357

SHA1
4ce58ded49c58ad3d6516bbe4d2bf083a74e0341

SHA256
423e0ab27598af6767ea0fe01f56eb456b45443a3140fdb12358beeb2d22b79e

SHA512
b1d6b7b32aa462643e5148c85c214cc484e9bfcb7ead75b665a7489b7a0374fc17c35912858f723a51dd3b8166844010faec907ba22e3acbe2c9cb0b66050924

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe

Filesize
468KB

MD5
157473829427eec9207f3b18193c9aba

SHA1
c4d1e5ff8d600e25099525f6561a8f0def840c3b

SHA256
c82414616a735e7a7d332983c7c32024cc466f6cec98a64e9ee84cedc1603fc2

SHA512
5133f759a1cd7e0e280d616a4708ef8aad1140916183ad72a9e02b97c8eb794ef98ceaab314ef93a4ba6548b16109d624db2f393b6e755f547c77b088328853d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe

Filesize
468KB

MD5
95732c8e0f8d9efff315d70c0069c936

SHA1
908008e4611871a95f7c08aed7f6f56245fd95a7

SHA256
467e834b72d49a5e08c6b19eeb2929ac519bcd8ba9e9eaf25a318f8d13db2f22

SHA512
8ece220083c64a10511eef297a639c026b96a54724941a98f11a44eea337954709ac651a46712d9ca86e009d9bfd7107b1348aeaba7cc72e620d68a55acd464a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe

Filesize
468KB

MD5
b7fecea62098d1cdfb5fa4a1d6609089

SHA1
efb28ea71e51b9f53fb9b0673f513b9e13b88ff8

SHA256
6d37e95289bdcf13274aafa194b4746ea614e1cabb18ecb070cf998f12eec104

SHA512
4ff13ce327b0178ffe80846a0d86dccfdc358173a19f7c46a01d5803c3fef8ea18c24950527d26f777b7ec9ad2f9c351f0a191a1a45f652799824394317dddc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe

Filesize
468KB

MD5
70d1458415b936e6eedd9b7191ee8aa1

SHA1
c09ab42bdd974574d415ad0a446d9a0f5ddbfa3b

SHA256
5b814ea12c293a9e19cdc1eb89534c62f139111503c7bdee794f0e8b23828e25

SHA512
b64ee29b7e897c9d9ed8160a55bb13218d4f2fbe4678883cf424d0d707d3fd143a2c89b72d1a6baf1e227ec8a816dbacdc5d93602d52d30408d8c05ca559bc5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe

Filesize
468KB

MD5
b6e0c7fe0a7aa6904a1a43b0c3fcfb85

SHA1
3d4ead5614680b808e6f612e4f60f1613ea24f4e

SHA256
759f0267c7f1feaecba487c797a8069a572eec36cee1a9ce345656f0f6fedeaf

SHA512
a9767dc5fe6179929fc24016a263ba0436cb8db42bdcc72bdad8267c477cc6bb4a2fbfb44a7a4a979f80897dba89a7d48a4c48e4bd0bb61652967d8211e2fa9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe

Filesize
468KB

MD5
66c89732f5ea0e6d0f0272bd8326d092

SHA1
f5a1a6f934b7da549d9a2d4cb7e6bd2c5dfb700d

SHA256
1b603f1fa4e97dfcfd074b7e08d06fe94a1a2b4ee792d313b15bf670c6850e7c

SHA512
4bd2e910cb8d4ed7d3be3d7dc5d71da6c4a2da75da20c2fff04808b0f5645aed4c0fc3ce89b9af2005d87b37977155d376b7dafe5c9438def988fed6b3411bac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34514.exe

Filesize
468KB

MD5
99c22a64df043e3cc0a4dfced7a3462e

SHA1
24fc3efa538436e29a11866d5fe597d18deba885

SHA256
53c001838104536fe68ac9bbe0776d6b45f40fe82b676f64b566703081eac5b6

SHA512
a467c359277e87cd3ff437cfc7f8f2d747325fe86e5d939e9c18a7c5a30aea000dce5bfbe6de378f25ed2c8226da91e3c8d8773c4bfb276b112e7d79e691af1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe

Filesize
468KB

MD5
5ea4397bb121e596eb24f2506a08925c

SHA1
2a66f3b00162e01a0ae87a6ac7c3cec9ad7ba5d0

SHA256
bae94b9dbc52f8cea0108dec1bb1d6a282984cb26ae2a0cf27a9d80d50ecba4d

SHA512
e60c1a03620f97bbd4322ace3b9b744d472302ea153af76d9d1db2ef37d6c15262b27acf556bd42ec2d3935b33c8689a781836fb5f5fc1f46c681552afdb3ba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe

Filesize
468KB

MD5
f2cc9b1cbe43b3fb130a29ea7a73853c

SHA1
a08f50f2e7eeb6755f93f495065838d4eeb51a28

SHA256
4ee5bde80cbb883de24cf0783a0a705d4173c4362ab6ba27ab483cdb1f6d7e38

SHA512
fa1ca1dad4653ad8e9044027c3cdd8fae005a4cebc740e745711f49e22086b5b34762a53a6f2bf829386d1af451072dd304b0b1a93efd7f4d08b1237e55ebcd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe

Filesize
468KB

MD5
0820c52d2699d53eb5ca2ff2524c0909

SHA1
aef38b0ff460ce368112b0a6fbe6fd569a08bbb5

SHA256
66236524c6a9262541d93603d7e95d12447ef251d8b3e04268c6e4b861fca561

SHA512
fc5a106ed0faf8ad0d7b4efa0db48dbd141f7558ddef09c4b07fa08ea153a4532b10fdfa7389c149c30fd7b7e69680033dc457e1b57ee4be56bffe58af4f1248

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe

Filesize
468KB

MD5
4dd8655afd6b0e78276ae4f5a4c14af7

SHA1
f245096def6d927aa0385923b6ad57d4d4ccfcb8

SHA256
0ef12159092b258877ea3b31b44efc8be6ddaa2f8bc2cfdfb793c0557e4741d6

SHA512
0ec48ea897ba65820c20118b0dc0516d6922d0a8a1d887fc5977a4131d82a4dc90b183ef5563a8fd45894ebb3945174eac2f222fbc2c10ef0c3e064f8fd202cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe

Filesize
468KB

MD5
fa48e45f5cf13c599e2c1e1a4c559318

SHA1
32765abb7881d7865434f8035dc2ccd41434701f

SHA256
28aabed5683d43fc7880e9203b1adb74f74bd88951f5720c6365eac525bbe813

SHA512
37e5250917565560ec2e92224ff165ea2cd7e5cf9fef792b9fbd9fd1ac0992c621152120d00675ecbcd456bac5c728fc2da127eaa714f3bf7031840120062fda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe

Filesize
468KB

MD5
bb7af65d457f37fe1b29a2e8aef8ab98

SHA1
74616c6079482a52bce8aa1bffe708df4ed7c9dc

SHA256
d1853d2a3785446e95cf9499bd11ce257bb087e5b62105c4c1c8deec9af068d4

SHA512
ef3761cfc7597e019132c6f7b979ff7979cdebaa5e649df84e8113447a6bdfddfaf67cd2a9f62efc216c6e42260bf192e0d3bd0efd36b8b15634ea67e51675ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe

Filesize
468KB

MD5
9a308dc37d09dbd9dc3326e6868873fc

SHA1
65d9a405c8c5157c50d5acb1f388a6f7f16bfffd

SHA256
c5af4715dfd0efcef4461f4b3ca3ce69d49873422fbda55927f215c0d6ff9d94

SHA512
73987328ca2331a888794c10c0cc1152b85300ac3a60ac0cdccdd7a41f32ff73fd253a38b111713aebb5d1360b745df48d396af04b483059fdfe8f6d110daa54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe

Filesize
468KB

MD5
d51f09ac2a212c04aa279e56ebd25699

SHA1
0d28034a2a0638b4ea32de0b048e4177df7f4ec3

SHA256
16c2d245fd59063bce342652d607d2f108752ee3eac0f043750dc4a2a51f050d

SHA512
d746575377048463643726a217e31b22566b69e069776215b036edb7543bfdf6cfc3690d7b46552a2cf2b0bbbab3b201eda528b940b64dedf3c5875a9d9decdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe

Filesize
468KB

MD5
e50dafa3da032434563dcbe58658111f

SHA1
2ba06dc4c18d35b7877976b2c6f3c00e53b38a12

SHA256
5348f5665320478ac504d73f6102496d18900d7a0f410e339cacc7214a9fa03d

SHA512
190253adeb5bebc1b26d0c4531abf39d52605e767e17b2f979603cf48f35dcf89250676ffedb5911387da408479ca6150f8ea746d3630348df8cf62d38c91c96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe

Filesize
468KB

MD5
b2a9b4f9a98130064028866aad532ca5

SHA1
a8de40e690acb743a1b627e46ee73dbce11e37b4

SHA256
c703bd89b155590d57b06363530f8aca8686d1e295c1fe8704c442e033259363

SHA512
4de0f4d6ed058da9e4d3a5e5f7965cbb3045e316bb5a5131b42193a2dfe8e2e6757f3ada701dc73149f0bdca1503ba38a8dc514f7b527b2e543983d4ee724071

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe

Filesize
468KB

MD5
72c82c816614368977b3dba9155a5a61

SHA1
4bf8daead381f84d86876ff2f042c6b548496fa2

SHA256
4122bf2a6d7abfb3b39b3fec32bbc0e9db1d6be4e7accd9a5840116c1bffafce

SHA512
194ae222778faa0661cb6068931e8fe63a6c0978344c99aab309aa0c6204a3db363c1ff84dd8badbfda0ec724b65ce226fb459321968ffc717672d1af75498ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58961.exe

Filesize
468KB

MD5
2939b0912fa26b930c9bd61e12b8fe7e

SHA1
285fcabe81691812e7710cf1af575a929c11f440

SHA256
3d3032d403f2d83c18720a24f73781df84a50552714ae3c40fa2e01e98559cae

SHA512
3ad4a11b3f26086971e67545ea69fa0b3528db5d000ba6e215efd4906714845e17e201e8dce497fc07ae3415f3abd15dce21a5df4d80ac3386036aa0675cb0a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe

Filesize
468KB

MD5
66567bbd535c38749c62c5aa22a60e75

SHA1
4481cede19a078e2040ca966c133a6661e08a6c6

SHA256
8371855060df8387b690190dbfa300ed8f5721a71ee1a0a9b8e8dd9e115412d5

SHA512
5a29bc61a8cfbff118fdff842b57815db570cec3f44e90dfd7bd3fbfe37ea6451aee4de66d05c688a653dafa564338d53e188057b9cc97c5e5ac5ca5a96c31ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe

Filesize
468KB

MD5
69064196cc8d2a543744c90dbaeb25fe

SHA1
ac220c04c37b803c1ad04b6d20888d259c87b616

SHA256
f397147c4abaccb5693da8ce57b1bc638f77278a15d1af16ddb2d0883e9c8ba2

SHA512
81c8f896a5f71169a841b8835a72630cdafd85c993505b1295300588b4c599e4ff97120d73c292386ae30a8ac0730def3c6eede268b28112140960e45ce374ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe

Filesize
468KB

MD5
16cb818b92c30b33afbf1772a08c0149

SHA1
bff6f1fa04fd74f08b2372a3ff5b4db30120fac4

SHA256
9dd9d35dbb561221960e7e257c7caf6b8b15a32797e6fce9a6715f31023bc69f

SHA512
80b135e37efb9f1be9f9b0cd4f195880c79cb1cfbef52e534d99ee97323f48b2fa52d340194b2a23674a1bcab1146d6ba6eb9483926ccb815d13a54b64301eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe

Filesize
468KB

MD5
b997bacd3e0f545e38fc739a7f09edfe

SHA1
d15da981a193b4eeb723d335fb3ce0632a5d465d

SHA256
0d65dba15054a245930374ab7aae46edef956d7a025a83e2c3319082b1a2f4aa

SHA512
fe02d224dcc62c227a6a25434dd23f68ee9daed767722fa84e3ed4e4ae18971116846706377f6f4a6f8a40d9661360631a9955ec2870d4133a49302e79818422

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe

Filesize
468KB

MD5
03e851d272b8e4b1f35f2606e09dfdf4

SHA1
d457162158349ef4801b963380dbc9bbc4c47279

SHA256
09063ee5d44194db3f586544fc5e8dbb713bc6c8a8b5fcbc6efcd1b15a8bab94

SHA512
3bd3a2319fd3454eff18c74973627bcaa17e0fd992094b102481e1c4cdc94707ea00aa0a1bdba2110a1b75ffcc84008c1d341f2942f19453323407c705f6e5a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe

Filesize
468KB

MD5
72a6528ad2a8057c61ba82df487e1226

SHA1
540ab7055ffef833ea1ea0a18266d5d875d5fcd2

SHA256
84a3d3bd776a041b59606747c286212c96f4ed1e2a256a5c8e544400b6e2a0b4

SHA512
0d10f8f80757d124c6d3abd6bd77a528ee5eed4f492cc3acc88d3237b5c4fcda4421283e3ba0a7cf4b260cc9c0ee9f568396652f9da1ab5758da355807ad2d0a

Download Submit
memory/388-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/696-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/712-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/788-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1016-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1148-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1196-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1240-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1320-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1480-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1540-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1620-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1632-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1864-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1872-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1916-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1924-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1948-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2116-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2244-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2284-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2312-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2344-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2392-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2424-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2488-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2536-124-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2928-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3008-47-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3140-207-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3524-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3572-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3624-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3708-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3716-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3720-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3792-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3900-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4072-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4220-100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4244-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4264-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4352-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4384-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4492-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4576-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4616-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4696-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4800-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4832-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4984-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4988-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5064-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5148-534-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5264-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5308-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5316-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5340-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5380-541-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5436-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5464-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5472-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5484-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5496-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5508-569-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5512-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5520-568-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5540-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5556-471-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5564-565-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5724-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5740-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5768-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5776-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5796-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5880-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5904-498-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5932-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5952-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/12660-2492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14404-2443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14480-2494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads