fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe
Size

468KB
MD5

c66bb8a4b05774f8e743744edc87ad53
SHA1

9511ef5db3909f0093012334a8423f85b9d44f02
SHA256

fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64
SHA512

c4fda4cda94ab709fdbdb59a1c02e6dc98de800ffe448f618203dff1fbc589adc677c68afb8a916d32ffd0672f590a730b26688a988454a6cb351116e1b6f8eb
SSDEEP

3072:8Or8ogKxjEXj2bPQPzDgqf8SlCFjGmpCPmHx1/H4IOg+2FAh+mlJ:8O4oN6j2sP3gqfhmjaIOXaAh+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1396	Unicorn-50216.exe
3896	Unicorn-45696.exe
4748	Unicorn-58503.exe
1444	Unicorn-38400.exe
1664	Unicorn-4658.exe
468	Unicorn-50330.exe
924	Unicorn-64942.exe
1156	Unicorn-16112.exe
4804	Unicorn-46023.exe
4768	Unicorn-44954.exe
4700	Unicorn-24856.exe
4864	Unicorn-159.exe
3292	Unicorn-51398.exe
4476	Unicorn-41000.exe
876	Unicorn-40735.exe
4588	Unicorn-16984.exe
4584	Unicorn-29022.exe
5108	Unicorn-8239.exe
2956	Unicorn-26421.exe
1572	Unicorn-59744.exe
4916	Unicorn-26880.exe
4972	Unicorn-35048.exe
3600	Unicorn-26615.exe
5068	Unicorn-35048.exe
2152	Unicorn-45254.exe
3560	Unicorn-10543.exe
1984	Unicorn-23350.exe
3988	Unicorn-42454.exe
548	Unicorn-8247.exe
1964	Unicorn-21054.exe
3596	Unicorn-15346.exe
3856	Unicorn-2693.exe
3536	Unicorn-10743.exe
3972	Unicorn-63514.exe
1148	Unicorn-18720.exe
1020	Unicorn-59295.exe
452	Unicorn-23934.exe
4256	Unicorn-62174.exe
4048	Unicorn-62174.exe
2120	Unicorn-26312.exe
3316	Unicorn-63815.exe
624	Unicorn-36976.exe
4356	Unicorn-11511.exe
2672	Unicorn-60520.exe
1940	Unicorn-13357.exe
4756	Unicorn-19488.exe
2896	Unicorn-40462.exe
4964	Unicorn-60328.exe
3552	Unicorn-35559.exe
4556	Unicorn-2965.exe
4696	Unicorn-198.exe
3340	Unicorn-57567.exe
3796	Unicorn-60328.exe
3192	Unicorn-60328.exe
748	Unicorn-15958.exe
2168	Unicorn-35824.exe
1104	Unicorn-60135.exe
5116	Unicorn-62440.exe
3136	Unicorn-665.exe
3016	Unicorn-11615.exe
1828	Unicorn-43712.exe
2836	Unicorn-19784.exe
3304	Unicorn-38158.exe
3732	Unicorn-40950.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
14368	15132	WerFault.exe	753
1584	13048	WerFault.exe	647

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19136.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15920	dwm.exe
Token: SeChangeNotifyPrivilege	15920	dwm.exe
Token: 33	15920	dwm.exe
Token: SeIncBasePriorityPrivilege	15920	dwm.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
11528	sihost.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe
1396	Unicorn-50216.exe
3896	Unicorn-45696.exe
4748	Unicorn-58503.exe
1444	Unicorn-38400.exe
1664	Unicorn-4658.exe
468	Unicorn-50330.exe
924	Unicorn-64942.exe
1156	Unicorn-16112.exe
4804	Unicorn-46023.exe
4768	Unicorn-44954.exe
4864	Unicorn-159.exe
4476	Unicorn-41000.exe
4700	Unicorn-24856.exe
876	Unicorn-40735.exe
3292	Unicorn-51398.exe
4588	Unicorn-16984.exe
4584	Unicorn-29022.exe
5108	Unicorn-8239.exe
2956	Unicorn-26421.exe
1572	Unicorn-59744.exe
4916	Unicorn-26880.exe
1984	Unicorn-23350.exe
4972	Unicorn-35048.exe
3560	Unicorn-10543.exe
2152	Unicorn-45254.exe
5068	Unicorn-35048.exe
3600	Unicorn-26615.exe
3988	Unicorn-42454.exe
548	Unicorn-8247.exe
1964	Unicorn-21054.exe
3596	Unicorn-15346.exe
3856	Unicorn-2693.exe
3536	Unicorn-10743.exe
3972	Unicorn-63514.exe
1148	Unicorn-18720.exe
1020	Unicorn-59295.exe
4048	Unicorn-62174.exe
452	Unicorn-23934.exe
4256	Unicorn-62174.exe
2120	Unicorn-26312.exe
624	Unicorn-36976.exe
4356	Unicorn-11511.exe
2672	Unicorn-60520.exe
4756	Unicorn-19488.exe
4556	Unicorn-2965.exe
4964	Unicorn-60328.exe
2896	Unicorn-40462.exe
3796	Unicorn-60328.exe
1940	Unicorn-13357.exe
748	Unicorn-15958.exe
1104	Unicorn-60135.exe
3192	Unicorn-60328.exe
3552	Unicorn-35559.exe
2168	Unicorn-35824.exe
4696	Unicorn-198.exe
3340	Unicorn-57567.exe
5116	Unicorn-62440.exe
3136	Unicorn-665.exe
3016	Unicorn-11615.exe
2836	Unicorn-19784.exe
3732	Unicorn-40950.exe
1828	Unicorn-43712.exe
2692	Unicorn-35544.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 1396	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	86
PID 3772 wrote to memory of 1396	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	86
PID 3772 wrote to memory of 1396	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	86
PID 1396 wrote to memory of 3896	1396	Unicorn-50216.exe	87
PID 1396 wrote to memory of 3896	1396	Unicorn-50216.exe	87
PID 1396 wrote to memory of 3896	1396	Unicorn-50216.exe	87
PID 3772 wrote to memory of 4748	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	88
PID 3772 wrote to memory of 4748	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	88
PID 3772 wrote to memory of 4748	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	88
PID 3896 wrote to memory of 1444	3896	Unicorn-45696.exe	89
PID 3896 wrote to memory of 1444	3896	Unicorn-45696.exe	89
PID 3896 wrote to memory of 1444	3896	Unicorn-45696.exe	89
PID 4748 wrote to memory of 1664	4748	Unicorn-58503.exe	90
PID 4748 wrote to memory of 1664	4748	Unicorn-58503.exe	90
PID 4748 wrote to memory of 1664	4748	Unicorn-58503.exe	90
PID 1396 wrote to memory of 468	1396	Unicorn-50216.exe	91
PID 1396 wrote to memory of 468	1396	Unicorn-50216.exe	91
PID 1396 wrote to memory of 468	1396	Unicorn-50216.exe	91
PID 3772 wrote to memory of 924	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	92
PID 3772 wrote to memory of 924	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	92
PID 3772 wrote to memory of 924	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	92
PID 1664 wrote to memory of 1156	1664	Unicorn-4658.exe	93
PID 1664 wrote to memory of 1156	1664	Unicorn-4658.exe	93
PID 1664 wrote to memory of 1156	1664	Unicorn-4658.exe	93
PID 4748 wrote to memory of 4804	4748	Unicorn-58503.exe	94
PID 4748 wrote to memory of 4804	4748	Unicorn-58503.exe	94
PID 4748 wrote to memory of 4804	4748	Unicorn-58503.exe	94
PID 3896 wrote to memory of 4768	3896	Unicorn-45696.exe	96
PID 3896 wrote to memory of 4768	3896	Unicorn-45696.exe	96
PID 3896 wrote to memory of 4768	3896	Unicorn-45696.exe	96
PID 1444 wrote to memory of 4700	1444	Unicorn-38400.exe	95
PID 1444 wrote to memory of 4700	1444	Unicorn-38400.exe	95
PID 1444 wrote to memory of 4700	1444	Unicorn-38400.exe	95
PID 468 wrote to memory of 4864	468	Unicorn-50330.exe	97
PID 468 wrote to memory of 4864	468	Unicorn-50330.exe	97
PID 468 wrote to memory of 4864	468	Unicorn-50330.exe	97
PID 1396 wrote to memory of 3292	1396	Unicorn-50216.exe	98
PID 1396 wrote to memory of 3292	1396	Unicorn-50216.exe	98
PID 1396 wrote to memory of 3292	1396	Unicorn-50216.exe	98
PID 924 wrote to memory of 4476	924	Unicorn-64942.exe	100
PID 924 wrote to memory of 4476	924	Unicorn-64942.exe	100
PID 924 wrote to memory of 4476	924	Unicorn-64942.exe	100
PID 3772 wrote to memory of 876	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	99
PID 3772 wrote to memory of 876	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	99
PID 3772 wrote to memory of 876	3772	fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe	99
PID 1156 wrote to memory of 4588	1156	Unicorn-16112.exe	101
PID 1156 wrote to memory of 4588	1156	Unicorn-16112.exe	101
PID 1156 wrote to memory of 4588	1156	Unicorn-16112.exe	101
PID 1664 wrote to memory of 4584	1664	Unicorn-4658.exe	102
PID 1664 wrote to memory of 4584	1664	Unicorn-4658.exe	102
PID 1664 wrote to memory of 4584	1664	Unicorn-4658.exe	102
PID 4804 wrote to memory of 5108	4804	Unicorn-46023.exe	103
PID 4804 wrote to memory of 5108	4804	Unicorn-46023.exe	103
PID 4804 wrote to memory of 5108	4804	Unicorn-46023.exe	103
PID 4748 wrote to memory of 2956	4748	Unicorn-58503.exe	104
PID 4748 wrote to memory of 2956	4748	Unicorn-58503.exe	104
PID 4748 wrote to memory of 2956	4748	Unicorn-58503.exe	104
PID 3292 wrote to memory of 1572	3292	Unicorn-51398.exe	105
PID 3292 wrote to memory of 1572	3292	Unicorn-51398.exe	105
PID 3292 wrote to memory of 1572	3292	Unicorn-51398.exe	105
PID 4700 wrote to memory of 4916	4700	Unicorn-24856.exe	108
PID 4700 wrote to memory of 4916	4700	Unicorn-24856.exe	108
PID 4700 wrote to memory of 4916	4700	Unicorn-24856.exe	108
PID 4768 wrote to memory of 4972	4768	Unicorn-44954.exe	106

C:\Users\Admin\AppData\Local\Temp\fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe
"C:\Users\Admin\AppData\Local\Temp\fd2be015cc4120cfad4210aa729be6327c6434df0584c564857073cf5fdfcc64.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        10⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        9⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        9⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37110.exe
        8⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        9⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        9⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        8⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        9⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        10⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        10⤵
        
        PID:18628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        9⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
        9⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        8⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        8⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        8⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        9⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        9⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        8⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4039.exe
        8⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        7⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        9⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        9⤵
        
        PID:18752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        8⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        8⤵
        
        PID:18932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        8⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        8⤵
        
        PID:18540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44351.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        7⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        6⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        6⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2695.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        8⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        7⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58743.exe
        6⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        6⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        5⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        8⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53958.exe
        7⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        7⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        6⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        6⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        7⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
        7⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        5⤵
        
        PID:16768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
        8⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        9⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        10⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        10⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        8⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        8⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        8⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        8⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        7⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        8⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        8⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        8⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        7⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        6⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
        8⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        8⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        7⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        5⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        7⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        7⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        6⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        5⤵
        
        PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        7⤵
        
        PID:18512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7991.exe
        8⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        6⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        6⤵
        
        PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34997.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        5⤵
        
        PID:15820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35559.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        8⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        7⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        7⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        6⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        6⤵
        
        PID:18728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        5⤵
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        6⤵
        
        PID:18468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
        5⤵
        
        PID:17880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        5⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        6⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        5⤵
        
        PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
      4⤵
      PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
      4⤵
      PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4978.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        10⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        10⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        9⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        9⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        8⤵
        
        PID:18640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
        8⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        9⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        9⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        8⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        8⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        7⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        6⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        8⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        9⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
        9⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        9⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        8⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52823.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        8⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
        8⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        8⤵
        
        PID:18572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        7⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        7⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
        8⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        7⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        6⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        7⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        8⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        8⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        7⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        6⤵
        
        PID:18840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1733.exe
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        8⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        8⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        6⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        8⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        6⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        5⤵
        
        PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9321.exe
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        6⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        7⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        6⤵
        
        PID:18496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        5⤵
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
      4⤵
      PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        5⤵
        
        PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
      4⤵
      PID:18804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59744.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        6⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        9⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        9⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        8⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        8⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        7⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        7⤵
        
        PID:18784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        7⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        7⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        7⤵
        
        PID:15416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        6⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        8⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37334.exe
        7⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        7⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        6⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        7⤵
        
        PID:16328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
      4⤵
      Executes dropped EXE
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
      4⤵
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        7⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        7⤵
        
        PID:16548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        6⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        5⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62008.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
      4⤵
      PID:15036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        7⤵
        
        PID:18524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        6⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        6⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        5⤵
        
        PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53535.exe
      4⤵
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        6⤵
        
        PID:16356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        5⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        5⤵
        
        PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        5⤵
        
        PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54911.exe
      4⤵
      PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
      4⤵
      PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        6⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        5⤵
        
        PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
      4⤵
      PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        5⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
      4⤵
      PID:16104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        5⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        5⤵
        
        PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
      4⤵
      PID:9480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
      4⤵
      PID:11020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
    3⤵
    PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
    3⤵
    PID:10316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
    3⤵
    PID:15044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
    3⤵
    PID:16656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        9⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        10⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        10⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        9⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        9⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
        8⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        8⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
        9⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        10⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49082.exe
        10⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        9⤵
        
        PID:18876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        8⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        8⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        8⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        8⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        7⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        7⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        7⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        9⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
        9⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        9⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        8⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        8⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        9⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        8⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
        8⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65382.exe
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        7⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        8⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11165.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        6⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
        8⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        9⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        9⤵
        
        PID:18736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        7⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        7⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        5⤵
        Executes dropped EXE
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        7⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        8⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        9⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        9⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        8⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        6⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
        6⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        7⤵
        
        PID:16976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
        5⤵
        
        PID:16664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        9⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        9⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        8⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        8⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34611.exe
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        7⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        7⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        6⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
        8⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        8⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40329.exe
        7⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        6⤵
        
        PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
        6⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19638.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
        5⤵
        
        PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11615.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        8⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        8⤵
        
        PID:18884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        7⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10509.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        6⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        7⤵
        
        PID:18792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        6⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        6⤵
        
        PID:18480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        5⤵
        
        PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44019.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        7⤵
        
        PID:18704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46550.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
        6⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        5⤵
        
        PID:18436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
      4⤵
      PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
      4⤵
      PID:11528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
      4⤵
      PID:17136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37760.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        8⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        9⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        9⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        8⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        8⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        8⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16389.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        8⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        8⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55457.exe
        7⤵
        
        PID:18900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
        6⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        5⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        6⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        6⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36975.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        5⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
        6⤵
        
        PID:13612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        5⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
        5⤵
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        5⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        8⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20998.exe
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        7⤵
        
        PID:18488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        6⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        7⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        7⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        6⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        5⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        6⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        5⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        5⤵
        
        PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
      4⤵
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        6⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
        5⤵
        
        PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        5⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        5⤵
        
        PID:16268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
      4⤵
      PID:15760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        5⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        8⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        6⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        7⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        7⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        7⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        6⤵
        
        PID:18504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46638.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
      4⤵
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        5⤵
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        6⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        7⤵
        
        PID:18848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        6⤵
        
        PID:18832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        5⤵
        
        PID:18456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
      4⤵
      PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        5⤵
        
        PID:18444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
      4⤵
      PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34968.exe
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        6⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
        5⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        6⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        5⤵
        
        PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47489.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
      4⤵
      PID:18612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
    3⤵
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        6⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
        5⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
        5⤵
        
        PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
      4⤵
      PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
      4⤵
      PID:4392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
    3⤵
    PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
      4⤵
      PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
      4⤵
      PID:16056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
      4⤵
      PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
      4⤵
      PID:15156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
    3⤵
    PID:13668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
    3⤵
    PID:14572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
    3⤵
    PID:17108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        5⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        8⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        8⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        6⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        6⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        7⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64431.exe
        5⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        5⤵
        
        PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
        7⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        6⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        5⤵
        
        PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
      4⤵
      PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
      4⤵
      PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
      4⤵
      PID:18556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46976.exe
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        8⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        7⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64622.exe
        6⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
        6⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        6⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        5⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        5⤵
        
        PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
      4⤵
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        7⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54131.exe
        6⤵
        
        PID:18532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
        5⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25957.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        5⤵
        
        PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
      4⤵
      PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
      4⤵
      PID:14408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
      4⤵
      PID:16648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        7⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        5⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31457.exe
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        5⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
        5⤵
        
        PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        5⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        5⤵
        
        PID:18924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8205.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9086.exe
      4⤵
      PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
      4⤵
      PID:18916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
    3⤵
    PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
      4⤵
      PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
      4⤵
      PID:15132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15132 -s 76
        5⤵
        Program crash
        
        PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
      4⤵
      PID:18772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
    3⤵
    PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
      4⤵
      PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
      4⤵
      PID:16524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
    3⤵
    PID:13372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
    3⤵
    PID:15324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        5⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        8⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26766.exe
        7⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13048 -s 472
        8⤵
        Program crash
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        7⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        6⤵
        
        PID:18744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        6⤵
        
        PID:18464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        5⤵
        
        PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        5⤵
        
        PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
      4⤵
      PID:15316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
      4⤵
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        5⤵
        
        PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
      4⤵
      PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
      4⤵
      PID:15644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-301.exe
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        5⤵
        
        PID:16380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
      4⤵
      PID:1840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
    3⤵
    PID:7928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
    3⤵
    PID:13220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
    3⤵
    PID:14560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
    3⤵
    PID:18820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
      4⤵
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        6⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        7⤵
        
        PID:16308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1406.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        6⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        5⤵
        
        PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12399.exe
        5⤵
        
        PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
      4⤵
      PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
      4⤵
      PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
      4⤵
      PID:64
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
    3⤵
    PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
      4⤵
      PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
      4⤵
      PID:15720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62081.exe
    3⤵
    PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23744.exe
      4⤵
      PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
    3⤵
    PID:10528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
    3⤵
    PID:15248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
    3⤵
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
        5⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        6⤵
        
        PID:13676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        6⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
      4⤵
      PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
      4⤵
      PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
    3⤵
    PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
      4⤵
      PID:9556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
      4⤵
      PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
      4⤵
      PID:13228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
    3⤵
    PID:10580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
    3⤵
    PID:15740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
  2⤵
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
    3⤵
    PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
      4⤵
      PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
      4⤵
      PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60218.exe
      4⤵
      PID:16200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
    3⤵
    PID:11444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
    3⤵
    PID:2212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
  2⤵
  PID:6872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
    3⤵
    PID:8228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
    3⤵
    PID:15228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
  2⤵
  PID:10436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
  2⤵
  PID:3144

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 15132 -ip 15132
1⤵
PID:15000

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\f15909cec8624935a0e298071c46466f /t 1764 /p 2488
1⤵
PID:14644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 13048 -ip 13048
1⤵
PID:15208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 8608 -ip 8608
1⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 13668 -ip 13668
1⤵
PID:11052

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15920

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Suspicious use of FindShellTrayWindow
PID:11528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe

Filesize
468KB

MD5
920e6fba0af28c14d9ef9bd1cb36d13f

SHA1
634203e417406b0eb750d70438e7ca40f3f65116

SHA256
275eee868d78622504e2e352665585a56001a7cd199a33b821ad65e98ea3f6fb

SHA512
93d4df680c0d000d4b98221b2e3e8d6a384d9654927acd8129881a96552363ecacf7a497aef0c831186b425a2c85e359ab801e580564d90e0a586302b4e1f6aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe

Filesize
468KB

MD5
de1cc3377a4ca9fef23d8559b779ddd4

SHA1
419201131cb70909ca8367716cbf502a9ac53548

SHA256
6c35c3fc61e1565d9ddfbe64a798b0bc3713392be2b590ff0068599f78dc9d38

SHA512
a5ddcc90507c0cbd491abd135fac80195457f658a82e90fb4e1c11326b261aaffe86a11ab08f9726be5bd66a32c977faffac81813ee3a8741e160275a12d6217

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe

Filesize
468KB

MD5
d9acc919ce77a11650066db70d503a31

SHA1
51a8297acaf15e6df396514af3497757e86e9a6e

SHA256
08125be070d37df1f44f2a9ddc4f8ee3eabd2e51cb700b8638f0e822739efd29

SHA512
aaca5c4d86bdc350c36d9be8b5fb9da4164ed478203992132ef718f116e9e31703eec08acf4b4acdbf5b7f4e62a7121d59426d4dc6a4df1675be9ec415a2fbb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe

Filesize
468KB

MD5
e6af4b5557f28e1fb8b95d4a74d35e40

SHA1
e5665e59244c9e01e9c433320c103695bc123174

SHA256
f1639a5ae523ecb5778ea9b0aeac8834129714ab98cd41d1ff89c4083b006e58

SHA512
670166c0cff975b784aa029f63584e1f55639c0cd72e4ca19489150bce1288b5d94ab6afa8402bfb2ef0ccc894574e73da51e70084306dd82b25a85cae256764

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe

Filesize
468KB

MD5
27cd1430154ba5f696786bf2cafae20d

SHA1
75ff0db625b289e5355663d322d75d0e9071f3a0

SHA256
fc6a26b203bf9d23393914d64bbe26c4ef1b3e36b1a3368eb17ec15c7040865a

SHA512
61391ee742a2b17f4d06f89edcb299c5d4db6237b0b7cf683072effb5e55a4b280f9123363bc54a4ee379862351bc0f30c29b29b65db969747043c9c9340695f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe

Filesize
468KB

MD5
a5883799ba6d82042ee81f291bb5acfa

SHA1
0bb7dcdee11e533b1cc2b1965bdc7188c83bb8ed

SHA256
6e9016419a6c818f4eaab2396187505425df6cf92c5df6a484612881402adc04

SHA512
5c34d54c2bfedd868d10f1470166d1f5308026826c2c4c2933b3d4637b7b5d958ac1e0de46bf0ebd1602ff8569a2ecf4f3a1853a545c7676af6cb67507195d00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe

Filesize
468KB

MD5
559eb644db40f4e04ce92f4293d9d4bc

SHA1
eee492dd6b4c615bbf6975cb1c3ace6ac1b98686

SHA256
b2ac11d4b9f2680e37666135cb5bd57f3b741c49ec6eae45e7728570bf3418e2

SHA512
64f5db24523dc4ada2ca8915ec11da83eb5d367f0c415dc443b0c6619c54f898c8822070d7d1c3281471d11bef0fe07f0bf0a7f5df8ca3eca05e43a737ce4e38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe

Filesize
468KB

MD5
214f6e914ee8113828138358dfb6fcd0

SHA1
f7d4b73e6d2c42a45518702701ea3867e19842d9

SHA256
965ab4ddf904e1ea793d741cb05873e2d216f0240925c7dbfce822240c662177

SHA512
e96287685c3a963f9e05f1c6b3adf675eda42f1bc7efb0872d5ab01c769f181a7e9c94240188cc66a5ad6061a3d7db19a86598af01395d1e28c2801c79b51ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe

Filesize
468KB

MD5
f146085b6368e6a94b8d43895871ec4a

SHA1
7feae9919ac0c181ef83f53a727c55be148d606a

SHA256
c7ce134ecddf1a8e5b72485952402dc64fe73ef927232243d49d1751570e39f5

SHA512
efef62a2e79abd7f0aa984f4763e11ba2ff4808e3d9ae63a1524b502eee80f5998ee2a87a8037465168859757479f1517148df1d818fe7e333f963858456dd74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe

Filesize
468KB

MD5
a07ae711da8e94a0f6061237a600bfc7

SHA1
3d57da19eae40452e9da6008512f90a34f189567

SHA256
0081dd5c315931362aca9e17239992e70df6bfc1a1f8931b179bd3e63f8ffbaf

SHA512
d7788762b74d0e1c5a00d4addc0c16a76cc0a679970afaf70f49f0c08e7e1728db24e976078d62738b8ad94059b27037acc44dd4b6ab001f84b9967a88fae4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe

Filesize
468KB

MD5
2c0a8dfe4cd6eb7b4da4777b5ad666a6

SHA1
ee532dbc66d7170871a0cf5390627fd155108a8c

SHA256
5eabc5c017e985026697a03e872aac1bfd49f25a08775e98e5720e29b569399f

SHA512
daaca6ecd81cb73abb0cf1582ec52ba8830806536c4f769157c86deeb9bb8014ca537a68665cc247d46da90493ba7ad21920fec8f587902095a7bee74bf97428

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe

Filesize
468KB

MD5
4a780ea64e7f065f41713c69e333f5d6

SHA1
a07b81ae61a4ad6bd743561e352d55e2840e9e4e

SHA256
0423a78457629ed5e645b636f71a80afe461f526105ee9adc8a15eeeba8d318e

SHA512
eb0f7f8cbacb08f6f66f51f98121cd7759d7e41fb7b3180a9d4479cf80d99506f047c2feb306fb0887274be688f1a332b165a30a58620ea898be26f95c2ce0ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29022.exe

Filesize
468KB

MD5
52fb4320c1a50c9b4200ef35fed20130

SHA1
84d7def80f37e1d13c8f7e6cf0760e54ed3baf01

SHA256
d6a858eab71401ace03433bd08ad3e39f7ed2333b5cf31b15c9c139b4302398c

SHA512
f229cb2dd4f45027e510903e451206818650a4cf93381541ed35bc91cce2ddd9b37bc71db1fa631c487eff05890e6247f8cdf4b660323c34ffe7de075c58ef15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe

Filesize
468KB

MD5
d2831884a831b48abb63062bce8be50e

SHA1
f8cb9bcdda5e86412b69f26aa42a3fce767fbb04

SHA256
a7aa535904f2d10bed583cb29a4d597e71079dfcd2182425d6a47ecc6085d0af

SHA512
8d8ed2f52bedf86ff8da5087088aa62c379ba8de7a528dfed56b0e8ef46a9b69693f04faa8b239ae7719413582f8d616209a82e168338baf18180546d1bf5129

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe

Filesize
468KB

MD5
6b98e7dee7348a3f64e2680d8012e7d8

SHA1
86d30e3facf26d2eec4dbbaca91e7a35f83bbf3d

SHA256
f27386da8fa24bf0cb703b1fc0f251c555c4c4fb64f6a5a8000106976ddd5c9e

SHA512
2e052f6ee96b76b58916db81db1f75d227310e17a04ceda00fc333b65a7fa2ab0cc7a22d8e9bbdfef49cd6fd95f6d051f9395188ff367805a6e6b698e10b0901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe

Filesize
468KB

MD5
28c718679de32a6409f5105615668472

SHA1
304c3793f37f8be66ae250f4a2572e8bc5d3525f

SHA256
d0fa87a4f30dba435326ae881e8f79c2d17497ab4019cab30b3cc928a18bf6cb

SHA512
3eec93f3c94cb15483c815a8a568a8041396113f809ca38d7d2c68e2638f3211b01e67caa6ab522f24d02b7a381c2c942200d299cd4376681df26d08c4af303e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe

Filesize
468KB

MD5
be9589f1352a990375822cd250c00584

SHA1
724ae42c84d551dfda3b0e9ae69c5805209aa636

SHA256
cb66415ff9920d9400ed8084467f0ae20a29e37fca1d761538aa3add1f0d4ab4

SHA512
b62ef10badbaf9ed075fbfb768dc1dfa7a31e26c9f04da3a31f0fb821cf84a4339d204f065d801fdd4ad2a9583d8c450db14b269b7c5d3ea2df7da4ea7f84fd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe

Filesize
468KB

MD5
aa775127bb40cac472c6f149a8f53a18

SHA1
f638dda965a9fbf6e22e88fa615bdcf8857686a4

SHA256
b3404553781a6f7e49b2f15ce11cc74745c7d2eb9a67e3a1ac4b9612bd5673f5

SHA512
7d6193d0073515c2f6ea56a55b44a99796dc47f3a596c2fb04bef87a23273cee08606c6f4cf6d59fcf2295729a313791f8946dc6e15048dee170611f8b56df87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe

Filesize
468KB

MD5
d14cd665ef05ac464ae293f4df48eb90

SHA1
d53aa7e0738cd5660fa9552873c08e8c81171ac4

SHA256
c39342e51044b953719a15bb69697540b504ad01fe7aab874f68ca245ea820ad

SHA512
1729e37aff81fe6f52e794604c34dda2f1dc18628b7a097bb205a3f0971cb936f68cfca4e8e473a0092da0fe889e8fac36b07feab743b6980871899b26411139

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe

Filesize
468KB

MD5
62bc34f923a03eb6c1012fea15849acf

SHA1
25d8c8a5b256351de10a071c8a77ada540c2b459

SHA256
fa37433e72d924785dc2c937f511cc9454a65f130c5489429f12ec4cf20b05c0

SHA512
85b63970ee50c3939dbb02c0b5baf0d8b7f92441863636ef15855eaf0dab5e8603784f7f9c71526d78914c6990053d838f9f98a7de990edf441277221e280358

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe

Filesize
468KB

MD5
909e61cbd914d93911b657ec15cb768b

SHA1
18ab16dbe5b551ee4aa0935ca7eb96d7362d4613

SHA256
1f929560001bb16eec8fd89c0eb4295d66cf18cf2113d7274ddff4faf85479bf

SHA512
a5b03d8c45c2c3c48d3e84da61cf893cc65e1f5c94baad02d1050569464de963847d8fbc68c5f726f38031d1e4d3a22e125e567d58694a14118472921d980c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe

Filesize
468KB

MD5
6ed60fccf3ee3701b9811e95572e1a54

SHA1
3f7a4adb89fc8b46ac68aba9c77f4927f3b3caef

SHA256
c7b355b9156f15e8eb802724aac1526b456874a356bbff092feb0e31ae764355

SHA512
7401468304fcb3269e150c3dbdba658602c8f7377e32549b32bbf412cc853df97c5c52a0630ad92b9ec53624bf6c2e3ff7b00fe78ee271f9622e5e1838475bd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe

Filesize
468KB

MD5
2447ecb224284352825b04d455cae6c5

SHA1
cc5dc02d1015b68bffbb3d5c8bd7763b4b7b829d

SHA256
e2f66776f5dd6e76eff2717549d0361eaeba7b041f99c64a13c2c44c230b986a

SHA512
61a0a238c4bbd6805da5c68d724a53261f8e2ef5be08e8f6e1bf7d9979bcac60a67f961eb6f3311ec4747708dd99b6dfa869d2988e9766960a7a24cd414bddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe

Filesize
468KB

MD5
54247ecb8c0009c574c3b0148be30551

SHA1
ed28b86d04b7a11d1ab93ac46d7313a61c91e717

SHA256
3aa92d6c3979721f110f8c34dee4530bf889010d04f927ead7c653a376712959

SHA512
4cbbf0bfa8b303e35c9f6b10d187b3e1bf6804db61ccfda92029e5fe72ba3f330f7f8fbdc7ce1e7cb44f3c7fe99d3c6ea51427184bbb777d9a4681dff2dc1659

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe

Filesize
468KB

MD5
053c3440167ba85eff8249702e498400

SHA1
68564fb228e89d77eeb6ba42d7310e347f4e8441

SHA256
83aeece36f9a0f24cc3fb83e204e82c838512b2ea480a37a8b94d236845566e7

SHA512
3ffa9202f7f14c8e94c14b154ca4035cd9eb47ec9c7d4e09959ed6a7fb0f47f2e7deb4b4aff34f44bc3c3e96e9b6bd364a99e0acd8d530ac9149813896ef9cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe

Filesize
468KB

MD5
3aead83ca0086cbceb470055ceff6bc0

SHA1
fd910dc4ecc8e9997854327a236c3735ae17d18b

SHA256
aa00d48c6b875398d3f8e76b53fa8d65341225eb863a71960f3f356328c5ce39

SHA512
30299377d763e83c9faae89e631efab528542e17e3ff2497b839ecfeac277a2f9be49752cdbd8b8cb7311a0a7383cb73526002f706e9d0d48d2e69ba2f3e6ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe

Filesize
468KB

MD5
d773b232d4470553b8c215560fc712f4

SHA1
f8f02cfd39d794b670d9028781043912f160e03a

SHA256
b3ff97f5aa32d3a1893d4eae4743253d5ae7e1649cb4cbd785add485bee22a58

SHA512
0b3cd53bfca39a19c330113bcfccfa8a62b7c4cc91d565fde18a2bc9bca99f9124c4c810d6b4dc6ad3ac809ebd9702230044ede039c965c90c50280bc083ad0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59744.exe

Filesize
468KB

MD5
fecf1918b991f15b88d830fc9d60f1bb

SHA1
74edcf319fbd07cf47b14d365f3f5624c53c2907

SHA256
d2e382768e8f22e70956f766954e6bfbe5f9f24866ba7ad95178498df817a4ff

SHA512
a9f49e2b74fef79b519bf0f1e927f377d1fe318558a65943fe40990bcc8e12de98732aa90b0f1a20047e6b3004d78edb0d38d7efd8252b99b22a095ebbb01883

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe

Filesize
468KB

MD5
9676b4b6b2d93624e207b7a819888a80

SHA1
1d4b941f09cc571d2e355378120b00f121e34273

SHA256
310d32f694483493c3957d1ea029c5bc93d98d673dc8ecc083fbe9710f2ca786

SHA512
0e6baffec8f119b864fbe43aa935f4f8d73da6c345fd520ad1e7c2ba316ade51ba151a074ec95874639ead8b010d415e13cc4cda45e31d92dc5ad240aab8715d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe

Filesize
468KB

MD5
602b1fa49d5d7466d5c6ca2967faeb24

SHA1
36445ab2a49dba7a62e28e4d36c1f40b49e66715

SHA256
959f4988e873af6ae3c046e9a8bd371376af2c122f8d9f0cf693396803ee3bbf

SHA512
f32ee0c0f30fe3ffaba824d51e7df3de43584d7dcc8287724a86872bd1272ad29b9c17ccfa34b14f030e6e7936b565858cdd94eb256ace9cb7ee004627a070fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe

Filesize
468KB

MD5
97e0c5a2aa2ea164142146170832d362

SHA1
810dc3598979ad195c810a67dc8156741cfb4250

SHA256
09414711e2a6ac24d63b5507f592100dca2ad265bbe2103782a9e662f763af75

SHA512
b25f1d7a6637a7dea8b02049aec2814421c8b1652dfa16f9271103677bf151d358db4614a91ed3eba4db08e310f3d9e2d77c556be471884e452b936f702acca3

Download Submit
memory/60-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/452-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/468-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/540-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/548-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/592-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/624-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/748-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/760-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/876-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/924-46-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1020-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1056-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-516-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1104-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1148-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1156-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1284-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1372-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1396-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1444-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1572-139-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1632-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1664-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1828-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1832-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1860-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1940-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1984-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2120-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2128-517-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2168-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-3442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2232-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2404-554-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-520-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-450-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2672-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2692-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2808-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2896-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2956-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3016-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3136-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3188-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3292-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3304-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3316-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3340-316-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3536-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3552-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3580-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3596-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3600-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3732-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3772-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3856-225-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3940-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3972-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3988-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4048-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4204-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4232-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4256-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4276-464-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4312-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4316-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4344-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4356-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-449-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4556-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4584-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4588-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4588-2405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4696-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4700-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4748-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4748-2404-0x0000000076B50000-0x0000000076C0F000-memory.dmp

Filesize
764KB

Download
memory/4756-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4768-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4804-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4864-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4916-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4964-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4972-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5024-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5108-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5116-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13428-2376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13968-2375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14276-2607-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14328-2377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14492-3250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14684-2861-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14724-3443-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15044-2878-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads