ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48

Analysis

max time kernel
145s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe
Size

468KB
MD5

8870a92c66f94aec0b8d1e153641cb24
SHA1

b7efb166b89f76f6ea598a9508df4a1a75c15308
SHA256

ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48
SHA512

dfc1fd78c804a21f53bfd18a7a9bd55c28fd82cd8956e9740a38ebfe6d7612f82802da2d1f3a5c9f94c15bdc4b70898a7e62f829d444fe84e79c5a0a080062b5
SSDEEP

3072:ttAQorldIp3YtbYDPzeIffT/dCpZWumpnsHEdVhK/akazSX763lf:tt3oQxYtMPKIffjhLM/aP2X76

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4044	Unicorn-35026.exe
3644	Unicorn-47810.exe
4052	Unicorn-60617.exe
1644	Unicorn-1505.exe
2016	Unicorn-1505.exe
2976	Unicorn-26978.exe
1316	Unicorn-13243.exe
464	Unicorn-6321.exe
3284	Unicorn-54873.exe
2504	Unicorn-54946.exe
3088	Unicorn-5745.exe
4328	Unicorn-22082.exe
3404	Unicorn-34888.exe
4548	Unicorn-64960.exe
3152	Unicorn-2024.exe
1052	Unicorn-23058.exe
4988	Unicorn-51817.exe
4376	Unicorn-61298.exe
4620	Unicorn-10836.exe
2408	Unicorn-56508.exe
440	Unicorn-10452.exe
2316	Unicorn-4322.exe
512	Unicorn-10945.exe
3176	Unicorn-10945.exe
3756	Unicorn-18351.exe
64	Unicorn-56617.exe
1600	Unicorn-43618.exe
2516	Unicorn-56425.exe
1164	Unicorn-10488.exe
1960	Unicorn-3554.exe
1452	Unicorn-3073.exe
3492	Unicorn-35288.exe
3716	Unicorn-4308.exe
4504	Unicorn-63715.exe
844	Unicorn-8488.exe
2172	Unicorn-53538.exe
4948	Unicorn-65084.exe
3192	Unicorn-54690.exe
1412	Unicorn-8177.exe
4636	Unicorn-56921.exe
4524	Unicorn-53657.exe
1856	Unicorn-23253.exe
5044	Unicorn-16738.exe
1836	Unicorn-7409.exe
2416	Unicorn-23554.exe
1976	Unicorn-23554.exe
4724	Unicorn-26434.exe
316	Unicorn-5307.exe
1648	Unicorn-9713.exe
4972	Unicorn-38856.exe
4292	Unicorn-24789.exe
1832	Unicorn-399.exe
4460	Unicorn-54809.exe
4220	Unicorn-8945.exe
3876	Unicorn-8945.exe
1044	Unicorn-42224.exe
5060	Unicorn-28488.exe
2212	Unicorn-48354.exe
2644	Unicorn-14420.exe
2100	Unicorn-14420.exe
4712	Unicorn-15105.exe
3324	Unicorn-48354.exe
2280	Unicorn-14420.exe
1048	Unicorn-57984.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
16196	15548	WerFault.exe	740
17280	4760	WerFault.exe	728

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51817.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6132	dwm.exe
Token: SeChangeNotifyPrivilege	6132	dwm.exe
Token: 33	6132	dwm.exe
Token: SeIncBasePriorityPrivilege	6132	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe
4044	Unicorn-35026.exe
3644	Unicorn-47810.exe
4052	Unicorn-60617.exe
2976	Unicorn-26978.exe
2016	Unicorn-1505.exe
1644	Unicorn-1505.exe
1316	Unicorn-13243.exe
464	Unicorn-6321.exe
3088	Unicorn-5745.exe
2504	Unicorn-54946.exe
4328	Unicorn-22082.exe
4548	Unicorn-64960.exe
3284	Unicorn-54873.exe
3404	Unicorn-34888.exe
3152	Unicorn-2024.exe
1052	Unicorn-23058.exe
4988	Unicorn-51817.exe
4376	Unicorn-61298.exe
4620	Unicorn-10836.exe
2316	Unicorn-4322.exe
440	Unicorn-10452.exe
2408	Unicorn-56508.exe
1164	Unicorn-10488.exe
1600	Unicorn-43618.exe
2516	Unicorn-56425.exe
64	Unicorn-56617.exe
3176	Unicorn-10945.exe
512	Unicorn-10945.exe
1960	Unicorn-3554.exe
3756	Unicorn-18351.exe
1452	Unicorn-3073.exe
3492	Unicorn-35288.exe
3716	Unicorn-4308.exe
4504	Unicorn-63715.exe
844	Unicorn-8488.exe
2172	Unicorn-53538.exe
4948	Unicorn-65084.exe
3192	Unicorn-54690.exe
1412	Unicorn-8177.exe
4636	Unicorn-56921.exe
1856	Unicorn-23253.exe
4524	Unicorn-53657.exe
5044	Unicorn-16738.exe
1836	Unicorn-7409.exe
2416	Unicorn-23554.exe
1976	Unicorn-23554.exe
4724	Unicorn-26434.exe
316	Unicorn-5307.exe
4292	Unicorn-24789.exe
1832	Unicorn-399.exe
3876	Unicorn-8945.exe
4220	Unicorn-8945.exe
1648	Unicorn-9713.exe
4460	Unicorn-54809.exe
4972	Unicorn-38856.exe
5168	Unicorn-60585.exe
2100	Unicorn-14420.exe
1708	Unicorn-63849.exe
3324	Unicorn-48354.exe
2212	Unicorn-48354.exe
2644	Unicorn-14420.exe
1044	Unicorn-42224.exe
1048	Unicorn-57984.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 4044	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	89
PID 4880 wrote to memory of 4044	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	89
PID 4880 wrote to memory of 4044	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	89
PID 4044 wrote to memory of 3644	4044	Unicorn-35026.exe	95
PID 4044 wrote to memory of 3644	4044	Unicorn-35026.exe	95
PID 4044 wrote to memory of 3644	4044	Unicorn-35026.exe	95
PID 4880 wrote to memory of 4052	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	96
PID 4880 wrote to memory of 4052	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	96
PID 4880 wrote to memory of 4052	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	96
PID 3644 wrote to memory of 1644	3644	Unicorn-47810.exe	98
PID 3644 wrote to memory of 1644	3644	Unicorn-47810.exe	98
PID 3644 wrote to memory of 1644	3644	Unicorn-47810.exe	98
PID 4052 wrote to memory of 2016	4052	Unicorn-60617.exe	99
PID 4052 wrote to memory of 2016	4052	Unicorn-60617.exe	99
PID 4052 wrote to memory of 2016	4052	Unicorn-60617.exe	99
PID 4880 wrote to memory of 2976	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	101
PID 4880 wrote to memory of 2976	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	101
PID 4880 wrote to memory of 2976	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	101
PID 4044 wrote to memory of 1316	4044	Unicorn-35026.exe	100
PID 4044 wrote to memory of 1316	4044	Unicorn-35026.exe	100
PID 4044 wrote to memory of 1316	4044	Unicorn-35026.exe	100
PID 2976 wrote to memory of 464	2976	Unicorn-26978.exe	104
PID 2976 wrote to memory of 464	2976	Unicorn-26978.exe	104
PID 2976 wrote to memory of 464	2976	Unicorn-26978.exe	104
PID 4880 wrote to memory of 3284	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	105
PID 4880 wrote to memory of 3284	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	105
PID 4880 wrote to memory of 3284	4880	ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe	105
PID 2016 wrote to memory of 2504	2016	Unicorn-1505.exe	106
PID 2016 wrote to memory of 2504	2016	Unicorn-1505.exe	106
PID 2016 wrote to memory of 2504	2016	Unicorn-1505.exe	106
PID 1316 wrote to memory of 3088	1316	Unicorn-13243.exe	107
PID 1316 wrote to memory of 3088	1316	Unicorn-13243.exe	107
PID 1316 wrote to memory of 3088	1316	Unicorn-13243.exe	107
PID 1644 wrote to memory of 4328	1644	Unicorn-1505.exe	108
PID 1644 wrote to memory of 4328	1644	Unicorn-1505.exe	108
PID 1644 wrote to memory of 4328	1644	Unicorn-1505.exe	108
PID 4052 wrote to memory of 3404	4052	Unicorn-60617.exe	109
PID 4052 wrote to memory of 3404	4052	Unicorn-60617.exe	109
PID 4052 wrote to memory of 3404	4052	Unicorn-60617.exe	109
PID 4044 wrote to memory of 4548	4044	Unicorn-35026.exe	110
PID 4044 wrote to memory of 4548	4044	Unicorn-35026.exe	110
PID 4044 wrote to memory of 4548	4044	Unicorn-35026.exe	110
PID 3644 wrote to memory of 3152	3644	Unicorn-47810.exe	111
PID 3644 wrote to memory of 3152	3644	Unicorn-47810.exe	111
PID 3644 wrote to memory of 3152	3644	Unicorn-47810.exe	111
PID 464 wrote to memory of 1052	464	Unicorn-6321.exe	112
PID 464 wrote to memory of 1052	464	Unicorn-6321.exe	112
PID 464 wrote to memory of 1052	464	Unicorn-6321.exe	112
PID 2976 wrote to memory of 4988	2976	Unicorn-26978.exe	113
PID 2976 wrote to memory of 4988	2976	Unicorn-26978.exe	113
PID 2976 wrote to memory of 4988	2976	Unicorn-26978.exe	113
PID 4328 wrote to memory of 4376	4328	Unicorn-22082.exe	114
PID 4328 wrote to memory of 4376	4328	Unicorn-22082.exe	114
PID 4328 wrote to memory of 4376	4328	Unicorn-22082.exe	114
PID 1644 wrote to memory of 2408	1644	Unicorn-1505.exe	115
PID 1644 wrote to memory of 2408	1644	Unicorn-1505.exe	115
PID 1644 wrote to memory of 2408	1644	Unicorn-1505.exe	115
PID 3404 wrote to memory of 4620	3404	Unicorn-34888.exe	116
PID 3404 wrote to memory of 4620	3404	Unicorn-34888.exe	116
PID 3404 wrote to memory of 4620	3404	Unicorn-34888.exe	116
PID 4052 wrote to memory of 2316	4052	Unicorn-60617.exe	117
PID 4052 wrote to memory of 2316	4052	Unicorn-60617.exe	117
PID 4052 wrote to memory of 2316	4052	Unicorn-60617.exe	117
PID 3088 wrote to memory of 440	3088	Unicorn-5745.exe	118

C:\Users\Admin\AppData\Local\Temp\ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe
"C:\Users\Admin\AppData\Local\Temp\ccf09b984b9d26f5efb60b309683ddd5902dc68881b4a2caaf68056765693d48.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22082.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3953.exe
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        9⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        10⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        10⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
        10⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        9⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        9⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        9⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48088.exe
        9⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        8⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        9⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        9⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        9⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
        8⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        8⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        9⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        10⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        10⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        9⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
        9⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        9⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
        9⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        8⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3490.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        7⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        7⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        9⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
        10⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        10⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
        9⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        9⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        9⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        8⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        9⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        9⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        9⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        8⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        8⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        8⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        9⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        8⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        8⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15332.exe
        8⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        9⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        9⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        9⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        8⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8731.exe
        7⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        7⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
        7⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        6⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        9⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        9⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37532.exe
        8⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        8⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31585.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        7⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        8⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
        8⤵
        
        PID:18088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
        8⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        7⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        7⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        7⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16738.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30098.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        8⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35813.exe
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        7⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        7⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        7⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        7⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        7⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        6⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        6⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        6⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        9⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        9⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
        9⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
        8⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        8⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30983.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21419.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        8⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        8⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        7⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        8⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
        8⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        7⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        6⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
        7⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        6⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
        5⤵
        Executes dropped EXE
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
        7⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        8⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        8⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        7⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        7⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        6⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        6⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15216.exe
        6⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17647.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        6⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        7⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        7⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
        6⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        6⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        6⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        6⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        5⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        5⤵
        
        PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63801.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64115.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        7⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        7⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24574.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        7⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
        6⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        6⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        7⤵
        
        PID:17840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        6⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        6⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        6⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        7⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7552.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        6⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30098.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        5⤵
        
        PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
        5⤵
        
        PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
      4⤵
      PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        5⤵
        
        PID:17728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
      4⤵
      PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
      4⤵
      PID:11008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        9⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        9⤵
        
        PID:17592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        8⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        8⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        8⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47452.exe
        7⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        7⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        7⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        7⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        7⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        8⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        8⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        7⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        7⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        6⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40905.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11376.exe
        6⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        6⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        6⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        5⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
        5⤵
        
        PID:10964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:64
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        8⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
        8⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-532.exe
        7⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20459.exe
        6⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        6⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        6⤵
        
        PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        6⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        5⤵
        
        PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        6⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        5⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        5⤵
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
      4⤵
      PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
      4⤵
      PID:6620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41461.exe
        8⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        9⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        9⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        8⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
        8⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        8⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33975.exe
        8⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        7⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        7⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        7⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14104.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        7⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
        7⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        6⤵
        
        PID:17608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        6⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        6⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        5⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        5⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33325.exe
        5⤵
        
        PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        7⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
        7⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40972.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        6⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        6⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20635.exe
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        6⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        5⤵
        
        PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44736.exe
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        6⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        5⤵
        
        PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
      4⤵
      PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        5⤵
        
        PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51276.exe
      4⤵
      PID:15548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15548 -s 464
        5⤵
        Program crash
        
        PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
      4⤵
      PID:9248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        7⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
        6⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        6⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        5⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        5⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64993.exe
        5⤵
        
        PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29483.exe
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        6⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        5⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        5⤵
        
        PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
      4⤵
      PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
        5⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33975.exe
        5⤵
        
        PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
      4⤵
      PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
      4⤵
      PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
      4⤵
      PID:8756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27810.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        6⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        5⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
        5⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        5⤵
        
        PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
        5⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32135.exe
        5⤵
        
        PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
      4⤵
      PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      4⤵
      PID:9084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
    3⤵
    PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
      4⤵
      PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        5⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36576.exe
        5⤵
        
        PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
      4⤵
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58207.exe
      4⤵
      PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
      4⤵
      PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
    3⤵
    PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
      4⤵
      PID:15652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe
    3⤵
    PID:11920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
    3⤵
    PID:15880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        6⤵
        Executes dropped EXE
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        9⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
        9⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        7⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        7⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
        7⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        7⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        6⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        7⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
        7⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        7⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
        6⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        7⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        6⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
        5⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        6⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
        6⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        5⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
        5⤵
        
        PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
        6⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        8⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        7⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
        7⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        7⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
        6⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        6⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
        7⤵
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        7⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        6⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
        6⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2539.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
        5⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        5⤵
        
        PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        6⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        7⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        7⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 472
        8⤵
        Program crash
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
        7⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        6⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        6⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25340.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38488.exe
        5⤵
        
        PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        6⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
        6⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        5⤵
        
        PID:14788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
      4⤵
      PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42299.exe
      4⤵
      PID:10644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
      4⤵
      PID:15784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
        8⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        8⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        7⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65397.exe
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        8⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        7⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        7⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16329.exe
        6⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21960.exe
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        8⤵
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38267.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
        7⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        7⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        6⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19751.exe
        7⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
        6⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        6⤵
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        6⤵
        
        PID:13740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41461.exe
        7⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        8⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27691.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
        7⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        6⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
        6⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        6⤵
        
        PID:18132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        6⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        5⤵
        
        PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        5⤵
        
        PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        5⤵
        
        PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        5⤵
        
        PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49339.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
      4⤵
      PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27087.exe
      4⤵
      PID:11244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4322.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
        8⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        8⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52150.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        7⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        7⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        6⤵
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        6⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18512.exe
        7⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31858.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        6⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        5⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        5⤵
        
        PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        6⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        7⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        6⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        5⤵
        
        PID:16204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        5⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        5⤵
        
        PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
      4⤵
      PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
      4⤵
      PID:11508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30930.exe
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        5⤵
        
        PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        5⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        6⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55601.exe
        6⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
        5⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        5⤵
        
        PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
      4⤵
      PID:12676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
      4⤵
      PID:12836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
    3⤵
    PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
      4⤵
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33973.exe
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
        6⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
        5⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        5⤵
        
        PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48140.exe
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
      4⤵
      PID:15480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
      4⤵
      PID:6588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
    3⤵
    PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
      4⤵
      PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        5⤵
        
        PID:11212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
      4⤵
      PID:11720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
    3⤵
    PID:7708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
    3⤵
    PID:12360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
    3⤵
    PID:16040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
    3⤵
    PID:1584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        6⤵
        Executes dropped EXE
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        7⤵
        
        PID:18100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
        7⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
        7⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        6⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        7⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
        7⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        6⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        6⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        6⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        6⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        5⤵
        
        PID:10624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41395.exe
        7⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        7⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        6⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        7⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        6⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        6⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        6⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57573.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        6⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
        5⤵
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        5⤵
        
        PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        5⤵
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        5⤵
        
        PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        5⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        5⤵
        
        PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
      4⤵
      PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
      4⤵
      PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
      4⤵
      PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        8⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        7⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        7⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        6⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        6⤵
        
        PID:18124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        6⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55093.exe
        5⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        5⤵
        
        PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        6⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        5⤵
        
        PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
        5⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        5⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        5⤵
        
        PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
      4⤵
      PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
      4⤵
      PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
      4⤵
      PID:17668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
      4⤵
      PID:7912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
        7⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
        7⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        6⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24574.exe
        6⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        6⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        5⤵
        
        PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        5⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        5⤵
        
        PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
      4⤵
      PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
      4⤵
      PID:12696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
      4⤵
      PID:8832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63749.exe
        5⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41621.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        6⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
        5⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        5⤵
        
        PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
      4⤵
      PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
      4⤵
      PID:10676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1698.exe
      4⤵
      PID:15792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
      4⤵
      PID:11336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
    3⤵
    PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
      4⤵
      PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        5⤵
        
        PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
      4⤵
      PID:10400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
      4⤵
      PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
      4⤵
      PID:10924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
    3⤵
    PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
      4⤵
      PID:14492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
    3⤵
    PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
    3⤵
    PID:15540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        6⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        7⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        6⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        6⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        6⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15600.exe
        5⤵
        
        PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        5⤵
        
        PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
      4⤵
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        5⤵
        
        PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
      4⤵
      PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
      4⤵
      PID:16184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
      4⤵
      PID:12844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        5⤵
        
        PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
      4⤵
      PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
      4⤵
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
    3⤵
    PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
      4⤵
      PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
      4⤵
      PID:14088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
    3⤵
    PID:8728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
    3⤵
    PID:12848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
    3⤵
    PID:7376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16139.exe
        5⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        5⤵
        
        PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
      4⤵
      PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
      4⤵
      PID:11788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
      4⤵
      PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
      4⤵
      PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
    3⤵
    PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
      4⤵
      PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
      4⤵
      PID:9024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
    3⤵
    PID:7880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
    3⤵
    PID:13504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
    3⤵
    PID:17240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
  2⤵
  PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
    3⤵
    PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
      4⤵
      PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
      4⤵
      PID:18360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
      4⤵
      PID:14100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
    3⤵
    PID:8888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
    3⤵
    PID:11828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
    3⤵
    PID:9368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
  2⤵
  PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
    3⤵
    PID:9064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
    3⤵
    PID:12736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
    3⤵
    PID:17372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
    3⤵
    PID:10744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
  2⤵
  PID:7436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
  2⤵
  PID:12336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
  2⤵
  PID:13976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4252,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:8
1⤵
PID:732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 15548 -ip 15548
1⤵
PID:17864

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe

Filesize
468KB

MD5
9a97569ef6da9cb89546b8ac4cf0eb74

SHA1
8d834a8c9057a65327fc171751489ae2749d530c

SHA256
ea794e76e932d9838e410b7da721ecf4853f617ffc7c73f784dec73e3a5730fd

SHA512
a32d2ba40f2d7b5c0e72fb34bae31cab0af2bea84611dff07f45c17a1f6dd7326071cfdada42fcae8240699c0a7adcebec1ce24c8359f26d905f0114ad301dc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe

Filesize
468KB

MD5
3f82570c8b05060ad615a271976ce796

SHA1
83cc52877da0619cf66d25bc283d1d4149ea47a5

SHA256
486569806f3f925fa8da3849eb78fa771316151b893a7380292c7bf778fe0530

SHA512
0949f6412be6e6d22732c6949e467fcec48f2748a44d982dac65cb5788554c692accc4532d1af61a66980c29db041e373484509ef21553796272fed319df6431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe

Filesize
468KB

MD5
95afb3475938d14b790b564fcb9d87c0

SHA1
6141b183648e4dfa888af4d903225ca45453c447

SHA256
2f66783bc45c4314d93c177d4c835c85c03b416e80a40b7ddff00e5f6f3de91c

SHA512
85ea288e81d5cbbaff2082c9033f84252976e468fa45cae5ebf4f6af3e82a9ba397543df3f134bdcc0de52592743c1f92f7c60d5e714f87ea28af5573fb1e601

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe

Filesize
468KB

MD5
6554b3ce08b3c13583108ea0c509eb54

SHA1
5f00569f596efee8f5ab19ce51c505e37d23a849

SHA256
66a5c6da2d062e5db09ce8411514fa803092dc601781dadaa934fe5a4def7a8f

SHA512
29f84a982c6fe3fc40c2f84643287a80511fbd176e5aa783b072746ffe3669b5f0d62df0d63bb03d0b5d84c393edc93ca8b41c3c00e4fc2fb684edc5da5142a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe

Filesize
468KB

MD5
69bd301a2f0a3e9017e3a92f24604571

SHA1
f18067f96a8859cea89658c22ef97552553d36ca

SHA256
537731b53e873e320909463b9952af6f0d0195b9477f9d5502fe72e78101c534

SHA512
f526f54be1a815b2603d47b2246409b8ad69804bedbaa640799a891640cbd443b55dd4ffbb81f0ddbb2e04af72caa4b786d7804da7780637498c1cccc5e6f551

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe

Filesize
468KB

MD5
6a25f4ff3104d55b9905e715f532d3f8

SHA1
d11d0a9d051227ad38ca64501c8bd19affb76fe3

SHA256
cd0874d6d4716b527e3a9510a4b5accc6e118239cf68bec4b80e364a19d67dad

SHA512
e85d90babe78dee9b0cf21d26fe6316691fefe9e710417288e622e4a813956b370cd9efc76161d8641fcca946bd6240d6be93426d00281363d256b8da3b20a3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe

Filesize
468KB

MD5
0465300c246484f7702b969c71979de0

SHA1
aff041eed69e31309593b94a98a0ac8bf7a7403f

SHA256
cd31a46648850cb70590ed0b68462cd13b9b69cfb507a933898e003dd25fe401

SHA512
4920459e9456db4fb444bc1447c1c5c90fab4e9db1df32163b56d4686433026cea44eb5633a16316cad97de9744ab8ea795ef35f567759e2f63db35af8ba9baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe

Filesize
468KB

MD5
1a96398618aaeb15ff1f0a0cdc858040

SHA1
69ddfdcf71838914f9a62c87149c376c1a34385e

SHA256
6505fb268cbba17b46874b350e971698c9b23003505c5106f946f296b56630ad

SHA512
91a6bfaf8a0a7c4d03667d88b6e20de08590b3d89f9be035536dd11f8b69cdcd31d5c200298f3f9dc8273fff0b320e2992704b29ea5813c6fbd8d779c0287b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22082.exe

Filesize
468KB

MD5
333fff16268f8babfce649495a37b2a9

SHA1
ec338f57b9e1d09be38e7b8c88ba88a9c0993613

SHA256
7776d87aa3e1168c1c3e3f55b7ccc55c95ba9e383a349a324d776ec3871654e7

SHA512
17e6c9eb17c07e1a07fbecb821595a789e31902f5a78a1d845e6bcd520ba77449f6abfc08a9138b4c7173d00d388688f7995f6cb24d7997c3d6f2b61d5d869c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe

Filesize
468KB

MD5
6fdafc0e728e34afbbff31765d5d2c1e

SHA1
c4442d4040ccf0a90d7e7ac91dcbed29ae418025

SHA256
03f19f928ca7f12166a4bcceed9f377930f885fefd00e7efc94a4a61cef3496e

SHA512
350dcc23592aa679824df00135ef602cf770452dfe95f8d42bd87c8558dc4c1fd8d37dd12e1319af48d8eff638c36e0140ff84f24c400ae3be54ac214466c4fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe

Filesize
468KB

MD5
83da64efa329cbbb9c551e221e27bb26

SHA1
4096ee1e7aa110ec204256263699485e852c9a62

SHA256
19afceb9ff9a988491e165b68acad7dda48f60bf69d97ddbe38728da752b3b0b

SHA512
e3c8992819ab1be0214793ae046a300ba9eae000e3923f0030a5b7daddff3ab47e14ef8cb3a0459cb3b6d69d31da140c898b1cd81f2d07db1337a9c9da71c6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe

Filesize
468KB

MD5
060910649f0ebd9cb37b58ca4e378233

SHA1
eb87ae5784e4d050af7d477c29185c43293163a5

SHA256
b39acf67a529d98ec624826b23e1fae23a9ffbf65d2c02c5dae0f76843d3dc62

SHA512
1e55b5ea43c8fd950c7d163b15142a766ce353d19cc7f1a5193acff456766e29d1bff52ba26aed55c70941e87278e012af23f5c14e7884db006f26621a61254d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe

Filesize
468KB

MD5
2d4d5578d497004e70a7f3a09b22f256

SHA1
d6d1f3ca893cd6f2f6d17f5c95b790b7e8ba6389

SHA256
e94ef906e5c2a98d3de72c71998369d1245d55211dbacc78cbfba1dcd6a1a641

SHA512
40924b9b49640f7b73fcffa25907e7632642528c7488274978c17e0c1c4cf014b5e736363d74909ad4371d8cc210f0a1e96c73b378ed99f8ec435e4853439c93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe

Filesize
468KB

MD5
b3b57b69b131e1e61b32434a95095f59

SHA1
c16dc6c68685a57efca77d0af8eea8cd703d70f6

SHA256
b9165afe15019089977c61d5c73cafb67217fad060d19a1d6b5fa96bed3e3bff

SHA512
55e7a6136b73e96287b833a0d54afc07fe7585582fbde37ca942bf05e8d1fe4bee5587c979f9661ba521ec299aca9fbb1fde4ca8e3062fdb3c92208220c89e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31858.exe

Filesize
468KB

MD5
ff61cbd59e2f3bcae2b1648c50b38fb1

SHA1
acecbe2c76f7b0080c129a991e3dbe92fcddf5ee

SHA256
4c736f758294ec831fd32e74e9f0ca59efd306880c93989500a24782cae2b450

SHA512
374937233e4f85b3861a26b52789e8e6164857a0c157f03355bd82efee31c4497defe92a3c54bc53a6216717ebf2f2768c4797a7d12b24a001f5b3df00f7ef90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe

Filesize
468KB

MD5
618048c3870796ca84c9bd412d26f739

SHA1
aba6d46d3f44d8e59c9a44b550a3cdb69e2fc3e5

SHA256
a7260783d9b102a965f5fb26cddc768f1736f0f83ef3c6174b8f590a971a0cb5

SHA512
29c3aebcdf697ecafe5c1eb35f04a72420507221fe472adaa77440581b25ef375b0f0ad7abd8e1ded71dc4137ad1ad2ffcd9e3929634885de28533da4738e73e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe

Filesize
468KB

MD5
fa6dfbe1c8662dfed02a26f121c2ff95

SHA1
4d797b1c6d2ffcdcb905e7e2852390527ed5f271

SHA256
75a513104ca97c2e1981422832fea898c1532ac331b6fc2a853ac5dd223a0e0f

SHA512
50cc0431962115163a07d5e2a21b0e2bb66cffb97f7ddcf33effaf24a56a21c8e1a24b7e72b20d06b0344dfa6818ca8fd227643277e2f903e710ed4ccd59fb82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe

Filesize
468KB

MD5
e6ffde770d4c21cdb787eb040b96262b

SHA1
08bef6ec97addad6df1c91cb335a68f12e311168

SHA256
302476a50437ca7e13ea8d07e7efd34ef9283d90d9c3638b4c4bc14604157916

SHA512
649914ca69fa89c6562cd02db2f42c64a1ec59a6cc2a0c312853d46d880dcda976f3170aa6e69f98b1fff28ace1f08c43dcc07980882375a73e65120a4a22074

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe

Filesize
468KB

MD5
187e96b517b65e5808154f9ab5eb3100

SHA1
5b8be4a33184dd9e8c84e6ad4f3450756a08d8c1

SHA256
f1f25823256ba630061b53fd60db8599693b1b6591a145ab8db9418a0f49f02c

SHA512
171ae85ce2ba4b8b0d84a0604e58970aff85858201ebd183e069619703121f7dc57a3d181fce065cf00cfe1897e8c7d5cc9790d8e9b2805ca427683b3dafbc41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4322.exe

Filesize
468KB

MD5
4b780c6ed02eff7a3e4ddff05fb38f1f

SHA1
d6541c9267e1f7de35c61583e5870c1671d37c87

SHA256
b36a96a4e75761b7f06ccc4b1baac3c9ebbf06d135a7b4f19438895b44f70559

SHA512
a88401222c4263326b5dce1f2581d239b446813a8e9fe273400e7f60a4d500a4b38ee0e0bd4d7005623b226f801badac7eddbee367c0aa5f19349b2a219fcbb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe

Filesize
468KB

MD5
9050a43a350f5fd697d2052c1d6233b3

SHA1
49b09e7cd7c9ae438bf6932ae4f1de087b2916a1

SHA256
ee849064433b1dee0479554eea227eb31594cd7d08869ec6d6f357bcd97052db

SHA512
9fcf13b52f38942994857bfa9e0d9ab380948d09871f885a4c1d7b391adfbd0c32ac954d4d891911146461313ac7b01279e4a491e6f40c484e5c5592d0451baa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe

Filesize
468KB

MD5
b70249e0203948e743d687d8eb6ce0d0

SHA1
d55a3f1cadfaf18559359a93f6b0a92983f8bde8

SHA256
e2794af6023dd2230a7c8cb136e26a5987c50cb4b396ff70ad19fd121d2de6f7

SHA512
6d41151cac58ab59f657fed5e6591b2916b01ca8422cc957948320afe2b08f82946dfdd419b16e8728e7508dbe8179164a2bfeb255313acfd0ac33264778e80e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe

Filesize
468KB

MD5
c8138df2a70e04b0847cda4ffc43cd4f

SHA1
6eda7af897ed45de29248c9fdf16748feb5e923d

SHA256
2455f3b6a1bb7881c3fb7452f8d0cf8492cca760dddde409121f07ee9a6f73ac

SHA512
f9a599b500a946234276c809195f335ec4648f8d691cfbd56e40d37bddd8617239e7b6a6bacb1cf9e1311b41cde7637d25182ff73912b88e6155b5adea8c23b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe

Filesize
468KB

MD5
9906f515b0fe4083f84e9128fb7ec5bb

SHA1
0751fb5b5b2c759629dd1a5db6a9adf5cd642263

SHA256
ceec0c2146eb28b3edb135f13f966a1292d415cbdb4b5c36007deb3c80922080

SHA512
8d6fec9d2a16590eb35c43011dfe6cca2b6dbb3d900b7cffd24424bf5cd8c7b2c57983f1c7474fcdb18378fcbe50a3ee45b0cc98c8866a6ee5ae9440e6fd411d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe

Filesize
468KB

MD5
9b07a7eaae973826e79a17ac1e9e3c74

SHA1
963e4b16018a95b0abea63835d4c9b26c41e0724

SHA256
e8088b3dee5d2fe6f4ac3566c16fa65d9abbe029399d6476520511d120003ed0

SHA512
31db87b7c7d9daa4b259ba797407dc2f066054440877a9f18caa2762d20908ee515b98d14893735fa3f6fe30862144ebdb8d6f73e2f593717bf606af178ecc34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe

Filesize
468KB

MD5
3c7773a4d74e7cd645825b2e6fe316af

SHA1
269e0938a47a4655860815690211828ad77a2b85

SHA256
8a95d4be33101ae2ef8e2730b94c7f93aec18119126897bd46d203dff5119f27

SHA512
434609a9df90feb0c34e21ace4163b076beaea676d03083fb8e1474c133dc64e62531a1625c0c1007eb86ff24afe22d8da6940cde051be5bfc5cb737936ac5bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe

Filesize
468KB

MD5
4717998d4183f2950bd30df47bfc2089

SHA1
aab1e352d1fc0db0cf85458fb6d5954a5a24c2b9

SHA256
aa0c066207a78eb41db7d058444913a5fb7a2575212df2ff4a89bbe6218d9d2b

SHA512
8af4f7b772ea8ad4f384d703740f675b9a77ff7c38133806821861392ea62e2b4d00f2b869ec55f16b5091810a858015cb7856006f13d6700d62a24a7e8ad367

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe

Filesize
468KB

MD5
ec943fb7ea9a353a04c8993b00d826dc

SHA1
767b8a626a1a660f05101d701275fd9dab15641a

SHA256
825aafe73d08315f47ee610ca87d38fe107844af602c9a3ec5d031e339f5c4d0

SHA512
eeeaefefe4221d1b4e914ffdc32a76ff2ee5930a3dde468b9ad327e9f473434418a9938b753ca7a0939d434fbf3824f7492f640ae6732c63671de2fc41a1a768

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe

Filesize
468KB

MD5
3f2398c7db0aa075d5649560de2ee6d9

SHA1
0e91a0fbb2f5ca5306e5adc0fbff8a0d3a0ed3cb

SHA256
b5b85ef7d28ac54e3833a2481310025d484fc015d1f7fb13dbf29ab72b09633a

SHA512
319657177a2b437de98be6ce523e05d6460a0957446611c13a829e2fcad52503a19f550136573d54400b7e9ea415931eedca8d1e87c4fce5a7a3a0f6e0433c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe

Filesize
468KB

MD5
68853af7e5a0e93bdbbd43851d5b01dc

SHA1
f269ed14dc5112e3261b0b66a84e1193faa1ff8e

SHA256
9b73dee8f99701894dd92a9551a1e630ef2c2a285d33c01f391961a045fdb3f2

SHA512
9057103a9fb48bffa18403b6c07c219bec74e37bc03c7dba6854e1cb8ffb134b095990ee2821da3ee00a61972e35e75a6f6cc64517f7d373553649e600af8514

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe

Filesize
468KB

MD5
c268a85c2fa24ab584c8b1b7e57bf199

SHA1
1d38f64bb3d53ad8d8a3f3b63680b7fd732675c8

SHA256
86615e0bcc46d0162526b200b765e480518d230514afb8bed619e1a9e9856944

SHA512
63bae674bf261ace22494b73a01b3f86fca279e4a2fba0817cc6c5f0c7ff0da13a6305f8a44982ed3f43761a08413d8587811713bdecc4afb25eaa69bcfe7db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe

Filesize
468KB

MD5
578f7c6441ba9977ca762231b3c7dbe3

SHA1
061adf9f8efea0f9685283c480af1f0dc94b7c01

SHA256
d0f6a22050aa1dec9056bf70e656ec071da3846b2c51e7c4fa6026760a059aee

SHA512
37c593e585b663617c8a15bda9002220cf166f91a3258e3ef236bf7bb35bef2daa6155f93ec4f3314f3366a5e6021f13e974936c1634584a933e3f15b4625991

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe

Filesize
468KB

MD5
c01e2a58a1fe408be5cff145d7c331b7

SHA1
3cf4cdb8f79266b58ae09ca30750b52d0dc3d9b9

SHA256
39acb229334dec74f6900fd8210714338653025fb2c506af24a8266557b64903

SHA512
642edc7a3d40959b24f26f63aecd2bb349f6e0589665f80054897ac2b3613adf6058067e60f2ea6406f7fcc177b0aa920f589b83a0a9f2b87d7cce78d4754530

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7409.exe

Filesize
468KB

MD5
af5f4714a612241fe5a64ad8b543c23d

SHA1
b1b5b21ae045b84269d0db894e4e7f896a7a61d8

SHA256
83a0cfb32955606ddf7d0a317ff3fe042343269abe080d06bcbd9c1b9f7cd05a

SHA512
846cc871eba2e594f513de5f8968a9574ed9620ae064178c683fa36ec64a149d648a8f461796861fbc2a31c36a8f671e738c3ba0eedcc366a2b0688dfa6da3e9

Download Submit
memory/512-2531-0x0000000075A90000-0x0000000075BED000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads