6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6

Analysis

max time kernel
115s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe
Size

468KB
MD5

bbf7b36df0ae153bbe70714708508720
SHA1

1a94d1480da58a4ac144ad16fab720ee7d7f507a
SHA256

6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6
SHA512

d2835cb64b62e9931b89a22be6a99853954a6777c949a7d3b5322cb5a3b933140e93d2f2c6b8837ebb92dee1ad1e857eca472d5b910e1cb84db8482e137f7439
SSDEEP

3072:h4DKowjNjy8U6bYPfzsjYfL/lhZoIpBhmHeAVXWC0aXbroNORlo:h4mowLU6kfwjYfS0VlC0E3oNO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4396	Unicorn-34166.exe
3492	Unicorn-694.exe
3552	Unicorn-30029.exe
1588	Unicorn-41447.exe
2180	Unicorn-41639.exe
1684	Unicorn-21773.exe
1220	Unicorn-35509.exe
3328	Unicorn-15157.exe
3120	Unicorn-30150.exe
3076	Unicorn-29885.exe
3628	Unicorn-48494.exe
1188	Unicorn-2822.exe
3232	Unicorn-35303.exe
4216	Unicorn-48494.exe
4512	Unicorn-24403.exe
2212	Unicorn-1805.exe
464	Unicorn-56159.exe
632	Unicorn-10357.exe
4804	Unicorn-31847.exe
3568	Unicorn-53014.exe
2764	Unicorn-31582.exe
1520	Unicorn-36677.exe
2364	Unicorn-1427.exe
4460	Unicorn-56029.exe
2328	Unicorn-48375.exe
2736	Unicorn-56735.exe
3836	Unicorn-31847.exe
888	Unicorn-47031.exe
1908	Unicorn-50605.exe
4724	Unicorn-60.exe
1052	Unicorn-51862.exe
2972	Unicorn-40372.exe
2752	Unicorn-24359.exe
3708	Unicorn-51359.exe
648	Unicorn-29101.exe
1108	Unicorn-11333.exe
1372	Unicorn-60534.exe
1688	Unicorn-49351.exe
3548	Unicorn-60726.exe
4404	Unicorn-15261.exe
4468	Unicorn-61198.exe
4400	Unicorn-61582.exe
3088	Unicorn-51790.exe
2420	Unicorn-51790.exe
4836	Unicorn-51790.exe
1956	Unicorn-12485.exe
1872	Unicorn-61686.exe
1864	Unicorn-63310.exe
1896	Unicorn-53518.exe
3312	Unicorn-42335.exe
2760	Unicorn-12220.exe
3908	Unicorn-12869.exe
744	Unicorn-42204.exe
3504	Unicorn-53710.exe
4984	Unicorn-12677.exe
4516	Unicorn-55940.exe
2572	Unicorn-58733.exe
3412	Unicorn-4131.exe
440	Unicorn-62262.exe
748	Unicorn-56132.exe
4164	Unicorn-12084.exe
3992	Unicorn-23045.exe
1708	Unicorn-58286.exe
2696	Unicorn-6931.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6556	1864	WerFault.exe	148

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25261.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6656	dwm.exe
Token: SeChangeNotifyPrivilege	6656	dwm.exe
Token: 33	6656	dwm.exe
Token: SeIncBasePriorityPrivilege	6656	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe
4396	Unicorn-34166.exe
3552	Unicorn-30029.exe
3492	Unicorn-694.exe
1220	Unicorn-35509.exe
1684	Unicorn-21773.exe
1588	Unicorn-41447.exe
2180	Unicorn-41639.exe
3328	Unicorn-15157.exe
3076	Unicorn-29885.exe
3120	Unicorn-30150.exe
4512	Unicorn-24403.exe
3628	Unicorn-48494.exe
3232	Unicorn-35303.exe
4216	Unicorn-48494.exe
1188	Unicorn-2822.exe
2212	Unicorn-1805.exe
2364	Unicorn-1427.exe
464	Unicorn-56159.exe
632	Unicorn-10357.exe
4804	Unicorn-31847.exe
2764	Unicorn-31582.exe
1520	Unicorn-36677.exe
4460	Unicorn-56029.exe
3568	Unicorn-53014.exe
4724	Unicorn-60.exe
2736	Unicorn-56735.exe
1908	Unicorn-50605.exe
888	Unicorn-47031.exe
2328	Unicorn-48375.exe
3836	Unicorn-31847.exe
1052	Unicorn-51862.exe
2972	Unicorn-40372.exe
2752	Unicorn-24359.exe
3708	Unicorn-51359.exe
648	Unicorn-29101.exe
1372	Unicorn-60534.exe
1108	Unicorn-11333.exe
1688	Unicorn-49351.exe
3548	Unicorn-60726.exe
4404	Unicorn-15261.exe
4468	Unicorn-61198.exe
4400	Unicorn-61582.exe
4836	Unicorn-51790.exe
1864	Unicorn-63310.exe
3088	Unicorn-51790.exe
2420	Unicorn-51790.exe
1956	Unicorn-12485.exe
1896	Unicorn-53518.exe
1872	Unicorn-61686.exe
744	Unicorn-42204.exe
2760	Unicorn-12220.exe
3312	Unicorn-42335.exe
3992	Unicorn-23045.exe
4164	Unicorn-12084.exe
1708	Unicorn-58286.exe
3908	Unicorn-12869.exe
4516	Unicorn-55940.exe
748	Unicorn-56132.exe
3412	Unicorn-4131.exe
4984	Unicorn-12677.exe
2572	Unicorn-58733.exe
440	Unicorn-62262.exe
3504	Unicorn-53710.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 4396	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	89
PID 4328 wrote to memory of 4396	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	89
PID 4328 wrote to memory of 4396	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	89
PID 4396 wrote to memory of 3492	4396	Unicorn-34166.exe	95
PID 4396 wrote to memory of 3492	4396	Unicorn-34166.exe	95
PID 4396 wrote to memory of 3492	4396	Unicorn-34166.exe	95
PID 4328 wrote to memory of 3552	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	96
PID 4328 wrote to memory of 3552	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	96
PID 4328 wrote to memory of 3552	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	96
PID 3552 wrote to memory of 1588	3552	Unicorn-30029.exe	101
PID 3552 wrote to memory of 1588	3552	Unicorn-30029.exe	101
PID 3552 wrote to memory of 1588	3552	Unicorn-30029.exe	101
PID 3492 wrote to memory of 2180	3492	Unicorn-694.exe	102
PID 3492 wrote to memory of 2180	3492	Unicorn-694.exe	102
PID 3492 wrote to memory of 2180	3492	Unicorn-694.exe	102
PID 4396 wrote to memory of 1684	4396	Unicorn-34166.exe	104
PID 4396 wrote to memory of 1684	4396	Unicorn-34166.exe	104
PID 4396 wrote to memory of 1684	4396	Unicorn-34166.exe	104
PID 4328 wrote to memory of 1220	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	103
PID 4328 wrote to memory of 1220	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	103
PID 4328 wrote to memory of 1220	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	103
PID 1220 wrote to memory of 3328	1220	Unicorn-35509.exe	107
PID 1220 wrote to memory of 3328	1220	Unicorn-35509.exe	107
PID 1220 wrote to memory of 3328	1220	Unicorn-35509.exe	107
PID 1684 wrote to memory of 3120	1684	Unicorn-21773.exe	109
PID 1684 wrote to memory of 3120	1684	Unicorn-21773.exe	109
PID 1684 wrote to memory of 3120	1684	Unicorn-21773.exe	109
PID 4328 wrote to memory of 3076	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	108
PID 4328 wrote to memory of 3076	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	108
PID 4328 wrote to memory of 3076	4328	6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe	108
PID 3492 wrote to memory of 3628	3492	Unicorn-694.exe	111
PID 3492 wrote to memory of 3628	3492	Unicorn-694.exe	111
PID 3492 wrote to memory of 3628	3492	Unicorn-694.exe	111
PID 2180 wrote to memory of 1188	2180	Unicorn-41639.exe	113
PID 2180 wrote to memory of 1188	2180	Unicorn-41639.exe	113
PID 2180 wrote to memory of 1188	2180	Unicorn-41639.exe	113
PID 1588 wrote to memory of 3232	1588	Unicorn-41447.exe	110
PID 1588 wrote to memory of 3232	1588	Unicorn-41447.exe	110
PID 1588 wrote to memory of 3232	1588	Unicorn-41447.exe	110
PID 3552 wrote to memory of 4216	3552	Unicorn-30029.exe	112
PID 3552 wrote to memory of 4216	3552	Unicorn-30029.exe	112
PID 3552 wrote to memory of 4216	3552	Unicorn-30029.exe	112
PID 4396 wrote to memory of 4512	4396	Unicorn-34166.exe	114
PID 4396 wrote to memory of 4512	4396	Unicorn-34166.exe	114
PID 4396 wrote to memory of 4512	4396	Unicorn-34166.exe	114
PID 3328 wrote to memory of 2212	3328	Unicorn-15157.exe	115
PID 3328 wrote to memory of 2212	3328	Unicorn-15157.exe	115
PID 3328 wrote to memory of 2212	3328	Unicorn-15157.exe	115
PID 4512 wrote to memory of 464	4512	Unicorn-24403.exe	116
PID 4512 wrote to memory of 464	4512	Unicorn-24403.exe	116
PID 4512 wrote to memory of 464	4512	Unicorn-24403.exe	116
PID 3232 wrote to memory of 632	3232	Unicorn-35303.exe	117
PID 3232 wrote to memory of 632	3232	Unicorn-35303.exe	117
PID 3232 wrote to memory of 632	3232	Unicorn-35303.exe	117
PID 3120 wrote to memory of 4804	3120	Unicorn-30150.exe	121
PID 3120 wrote to memory of 4804	3120	Unicorn-30150.exe	121
PID 3120 wrote to memory of 4804	3120	Unicorn-30150.exe	121
PID 1684 wrote to memory of 3568	1684	Unicorn-21773.exe	123
PID 1684 wrote to memory of 3568	1684	Unicorn-21773.exe	123
PID 1684 wrote to memory of 3568	1684	Unicorn-21773.exe	123
PID 4396 wrote to memory of 2764	4396	Unicorn-34166.exe	118
PID 4396 wrote to memory of 2764	4396	Unicorn-34166.exe	118
PID 4396 wrote to memory of 2764	4396	Unicorn-34166.exe	118
PID 1588 wrote to memory of 1520	1588	Unicorn-41447.exe	124

C:\Users\Admin\AppData\Local\Temp\6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe
"C:\Users\Admin\AppData\Local\Temp\6f593fff88d2884190df453445e28e4a6c58451d6c56c340a593ead7539613f6N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        8⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
        9⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        10⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        10⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        9⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11323.exe
        9⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        9⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28286.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        9⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        8⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        8⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
        9⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        9⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48077.exe
        8⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        8⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        8⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
        7⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        9⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        9⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        9⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
        8⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        8⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        8⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
        8⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6435.exe
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        7⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        8⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        8⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        7⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        7⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        7⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        8⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        7⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        7⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41099.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        8⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        7⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        6⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        7⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        6⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        6⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        5⤵
        
        PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28286.exe
        9⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10140.exe
        9⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        9⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        8⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62060.exe
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
        8⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        7⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        7⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51022.exe
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        8⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        8⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        7⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        7⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        7⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        6⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        7⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        6⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        5⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        6⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        7⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        9⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
        9⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
        8⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        8⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14460.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        8⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        8⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        7⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43683.exe
        6⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        7⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        6⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12220.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        6⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        5⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11211.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        5⤵
        
        PID:15376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        5⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        5⤵
        
        PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      4⤵
      PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        5⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        5⤵
        
        PID:16228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
      4⤵
      PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
      4⤵
      PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        9⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        9⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        8⤵
        
        PID:17104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13868.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
        7⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        7⤵
        
        PID:15888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        6⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        6⤵
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        8⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        7⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        7⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        6⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4606.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        6⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3220.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63349.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        5⤵
        
        PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        8⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63349.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        7⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16821.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        7⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        7⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        6⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        7⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        6⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        5⤵
        
        PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
      4⤵
      Executes dropped EXE
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52222.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        5⤵
        
        PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40870.exe
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
        5⤵
        
        PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
      4⤵
      PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
      4⤵
      PID:16472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24403.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        8⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        8⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        7⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        7⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        7⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        6⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        6⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
        5⤵
        
        PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61198.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2405.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        7⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        6⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        7⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        6⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12386.exe
        6⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52740.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        5⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
      4⤵
      PID:8020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        7⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38757.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        5⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        5⤵
        
        PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
        5⤵
        
        PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
      4⤵
      PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        5⤵
        
        PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
      4⤵
      PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
      4⤵
      PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
      4⤵
      PID:7492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
      4⤵
      PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
      4⤵
      PID:13304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
      4⤵
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
    3⤵
    PID:8556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41388.exe
    3⤵
    PID:11848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
    3⤵
    PID:15708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        9⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        10⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        10⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        9⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44837.exe
        9⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        9⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        8⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        9⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        9⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        8⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        8⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        8⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        8⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
        9⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
        9⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        8⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        8⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        8⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        8⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        8⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        7⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        7⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        6⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        8⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        7⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        7⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        7⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
        9⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        8⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        8⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        8⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        8⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        7⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        6⤵
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        6⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        6⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        5⤵
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        8⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
        8⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        7⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        6⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        7⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        6⤵
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        6⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33750.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4538.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16942.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31884.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        7⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33139.exe
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53395.exe
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9267.exe
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        7⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64973.exe
        5⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        6⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        5⤵
        
        PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
      4⤵
      PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        6⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64764.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        5⤵
        
        PID:16768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
      4⤵
      PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
      4⤵
      PID:8984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51022.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
        8⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        7⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        6⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        7⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        6⤵
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
        5⤵
        
        PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1864
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 632
        5⤵
        Program crash
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        6⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
        5⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
        5⤵
        
        PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
      4⤵
      PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
      4⤵
      PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
      4⤵
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
      4⤵
      PID:16296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        5⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65279.exe
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        7⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        7⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        6⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        6⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        6⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2878.exe
        6⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        6⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        6⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        5⤵
        
        PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4388.exe
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1803.exe
      4⤵
      PID:13884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
      4⤵
      PID:9176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61292.exe
        6⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
        5⤵
        
        PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
      4⤵
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        5⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3524.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        5⤵
        
        PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
      4⤵
      PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
      4⤵
      PID:17260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
    3⤵
    PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2878.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        5⤵
        
        PID:15700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
      4⤵
      PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
      4⤵
      PID:14132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
      4⤵
      PID:16408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
    3⤵
    PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
      4⤵
      PID:8436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
    3⤵
    PID:17216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
        9⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
        9⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        8⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        8⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        8⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        7⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        7⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        7⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        8⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49334.exe
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48342.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
        7⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        7⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        6⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        6⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        5⤵
        
        PID:15836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32702.exe
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe
        6⤵
        
        PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        5⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        5⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10116.exe
        5⤵
        
        PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        5⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
      4⤵
      PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
      4⤵
      PID:14704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
      4⤵
      PID:16664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56029.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        7⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        6⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7973.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        6⤵
        
        PID:13676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        6⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48461.exe
        5⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        5⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        5⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
      4⤵
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42251.exe
      4⤵
      PID:8028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
    3⤵
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        5⤵
        
        PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
      4⤵
      PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
        5⤵
        
        PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
      4⤵
      PID:16048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
      4⤵
      PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
      4⤵
      PID:15556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
    3⤵
    PID:8356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
    3⤵
    PID:11520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
    3⤵
    PID:13232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
    3⤵
    PID:17016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29885.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29885.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        7⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
        5⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47782.exe
        5⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        5⤵
        
        PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
      4⤵
      PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        5⤵
        
        PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        5⤵
        
        PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
      4⤵
      PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
      4⤵
      PID:16332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58548.exe
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
      4⤵
      PID:12040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
      4⤵
      PID:7996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
    3⤵
    PID:7704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
    3⤵
    PID:11980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
    3⤵
    PID:8088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15125.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        6⤵
        
        PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        5⤵
        
        PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        5⤵
        
        PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
      4⤵
      PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
      4⤵
      PID:10988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
      4⤵
      PID:17268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38758.exe
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12386.exe
        5⤵
        
        PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
      4⤵
      PID:11208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
      4⤵
      PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
      4⤵
      PID:16744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
    3⤵
    PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
      4⤵
      PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
      4⤵
      PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
      4⤵
      PID:17576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57398.exe
    3⤵
    PID:9604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17900.exe
    3⤵
    PID:12024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
    3⤵
    PID:7084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        5⤵
        
        PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38757.exe
      4⤵
      PID:9752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
      4⤵
      PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
      4⤵
      PID:15872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
    3⤵
    PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
      4⤵
      PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
    3⤵
    PID:7764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33130.exe
    3⤵
    PID:17148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
    3⤵
    PID:8424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11324.exe
    3⤵
    PID:11672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
    3⤵
    PID:16644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
  2⤵
  PID:7500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
  2⤵
  PID:10736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
  2⤵
  PID:13688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
  2⤵
  PID:16880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1864 -ip 1864
1⤵
PID:6084

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe

Filesize
468KB

MD5
ddd12d58a8e0b83a4102d3d263185dd4

SHA1
bca867ccba4ce3d5c94e6a27f456f918ef84f44b

SHA256
3795be4398ffc5251fbc1780b5ee90aa7a4943bd8c1b59fe8b7bc74bdeec026f

SHA512
bd03a18224ea86b74ea7d990779eaeb37a3cceee15d06d2c56225b749e467ce9c4afb29a571dfc46a5ceeba28174dfc89d940caaf121478065f77ff0fcb46999

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe

Filesize
468KB

MD5
549ab5912ef65dd6e13620c008dad3c8

SHA1
9ace2f9272180cb1485be644112bfbd0b7782aff

SHA256
a8f391bae5ae0a99a1e2a1aa43d9d10ca6ef5e1918568703a538cfaf20da8061

SHA512
f9817300a1bffda57e0660190b67c80e24b35b8f5ff3dbc35764fb68d7f803f89967712524319a23321ac47b0280be6e0ba28f55de8deed9c74299b8be90926b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe

Filesize
468KB

MD5
a9ed3f493f8cc99caafd220c1b257b15

SHA1
16d5b226147162ae48ffc989b9a2e3163501bf5b

SHA256
f0ba4ae7e095b0c33ec91ffaeac22101c49c519976c3847c59bce8395f709c38

SHA512
8b9b89cd871e062659776a70f78b356cb23405cb02602afbbcd898c99222f3fabd5877f2bbe5b864e9effcc8529ea6597f1a7181b4ae3277ff815cf1dabcad5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe

Filesize
468KB

MD5
64bb11db9c4db6b2372ce509bb6084d2

SHA1
371db7b4f5b00eed316acfe69c92b548a9d569f9

SHA256
f393bc859ed535c1e953c1873da3a17c0c86bd771bebaec4f84f950d7143e876

SHA512
8e331f3d590a1d70c939f042f8a713e0936d61c821837b512ba9c456e65c9d45c2dd85bd53ba6d1f592d6dbb8f88c02511e784a96af2a1bae0d826ae879b9d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe

Filesize
468KB

MD5
dc92c00135e24fec89ce1ed78970b0a5

SHA1
970eee349c684f976b95fbd192da6a1d6f61c5ee

SHA256
53cd702da3a028fc52dd75a3472e5ea68fb22353d229d04185ec648d2dfb3411

SHA512
ec3832ceeb4d2ced5dbe2d087dc729ba3ad30a3055761c8625455b1395a7312a215fd1b3f198240f38c2fa729a1c7ccc4456ec797852047756de943390c44a8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe

Filesize
468KB

MD5
35b742ab81b2bc811a1f6a1909b13ea9

SHA1
ae9ed02ed1a71b955eb24697f308d884dc460e25

SHA256
67dbfc179d9b29b0e2680f5ec1eaeb5d18efcc134b27dc9f411e696fe3b93fc9

SHA512
bffde5ac06b3bdab0da548bfbd2835b2c32c9b23a2d3597c65f9b1268f1a35de079944b87a951dc668a5b83a483f7c623e6d6fa81305582ae7373f51b7dc26d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24403.exe

Filesize
468KB

MD5
39e4533f817c7ba9f9f80f5c129fb8d5

SHA1
0fb0ed95711df01630e5e4f3acdb6280ea2da8f1

SHA256
690227697ec7983d4c9e69f2b55f0a7db1e4f18907ff49792ddbb03ca7229873

SHA512
55c3a9ed467fcd7005ff607344d330e4fecda7d73a12b4b34dfa28e72fc2c9a4e6c1e757a494abf656c2f262557a2bb6d2f5c60b6e68ecee378607d6776f672f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe

Filesize
468KB

MD5
4af017ee78e9c694a4b5a43ec6bb13cd

SHA1
6e7d7b86ddfe172915acfd75084f299130ee49d4

SHA256
093afbf0537ecf7e432340cd4d3d8684aa9e3cab4c949014bfd2d299b4c27921

SHA512
4bad906a005357553a4617b3b4b9cb658aa7e8f7b5aa6f0276db5f5958f7f87ec7df6b60cb7791950faaa3a9bb8cd39446c7813de97df9addc325a5abb1b70ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe

Filesize
468KB

MD5
4310c3781156987ce63eaf8de1c0d24b

SHA1
d009dedddfa643213ab830c5e09c99385380c176

SHA256
ae5ac27a0d318a898ed2de3fa41aceff0de824b763c7dbaa7e8bc11fb0579423

SHA512
487cd6ee8d841ec1c9af723cc44e67f9343a1d30b958e3b4ffd46cf8bcf4023c1ea2738410d6eec32463c91c978fac7beb288599f56c282a584b8b51e7cdb727

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29885.exe

Filesize
468KB

MD5
faac2706da2d33f790c4c00f01610631

SHA1
ec2952bf3a07a0c1ddaa9aa0327709bc94e14f62

SHA256
57515b044df7f87b32bd127d7c9de20a71d54c0b1238e338c7753eaeb8e434a3

SHA512
0f0dbe60b8954d308757994bc18a184e29bcb967a69ae354d2133487f7455ac044a076b9b1bc58eefec52173ad39f1439ef38573f900cab66aa55cf76d66a36f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe

Filesize
468KB

MD5
146f665c43346cb89473c850866abcaa

SHA1
809c5e586599e938001241bb8ba4c247b806d116

SHA256
61cf19f55005c90f90217f5aa8921e7e06bfe3b6e25ef208fe59df896ee01195

SHA512
dcd2df2c89b6d00122171adf441bfac52eb1565449447dc02f3c8d70e5d72b6b44de3323eecfc110e6878b7b64fdf8bc76b60ff0c569b3b757d4f1893976f23a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe

Filesize
468KB

MD5
cdc9ad4268e66ee5bf85706898d163f3

SHA1
f1d8aeb8b1a465f9871f825ad20f7426c2ec1d27

SHA256
467f69c84515f8fcc93d2832bbed1338ad6e8b583933b647709bff0f6073c8f1

SHA512
157f62019aac8c4ff61a72e25440fbe535ec3b54659f2f36e8c81dd19319e795c8eaff2baced440cd1e57dc8c6c6dd0ca568ba1b5863ec57a47e66fa82cf4c28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe

Filesize
468KB

MD5
ee99d990d56504ce11c41ca85c5bd064

SHA1
c5c62fcc2f440afd8c349324626d6a6940533fb9

SHA256
6c628a93e787ed2e88dbf417c73a3d4f765fad1df9689818b0fe806886bf4480

SHA512
260c76b9a8ca3efb3912c8fe91589f598f01ae384328f7c679d2796a6bb2c944f1329e8144a1869588e2e729ed346b1d324aba84a6c11db5a24f75549206656d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31847.exe

Filesize
468KB

MD5
84beab0cde925da9080eee816698429c

SHA1
174302632bff42be4efee435e6ffb68d8c59d03b

SHA256
46543849ac0bbf1ed3a68e346893c21f1bd8cf31ca9da89f545a5c7d89b4da51

SHA512
3f612863b8bbe0a7e227e9a8ea0bf7d1e9a01b43aab3d8f7fe088a16dbde94adb8482c3e9e1f30cf4cee21f566f8a134b058c57dc74037089f636e239e2162f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe

Filesize
468KB

MD5
6618b0e6b43f40ee7b41bda23c39a279

SHA1
44ad6a9664a372f9bf109db006b7868ffdb4184c

SHA256
fb6559b809ad670095cbc7f39144b66af9436efa13e620a96847ed45e5051af8

SHA512
0853e92c897e544d7ef8aa34beaee6c17b69134ce2b16b65fa638bb1d6d4db7cd31ea53e07e2b72886c5aa343df4bd06002f1cc4e159cfa6e5d2e9db8aff84c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe

Filesize
468KB

MD5
bf7dd7ba75d14290c5e2308d4f5556af

SHA1
5b16a95ba220b1cc314f32c49e34a49c5fcde5bc

SHA256
7dcf5d5400c3e199bf9478b4bcff89d16c8f232a5cd9eb6c0794ca27edd9d8d5

SHA512
c73651a96169bb1a1be65734819efd8f9710e5b804e970d5a134c89a8805b86d03f251ffc0e7788f6b448f322fbef44f6276a8ceb6d0ca73bf0e29fac16da6f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe

Filesize
468KB

MD5
678e175fac7f454daab1cfda27ddca94

SHA1
8d0d55024ffe695e86089678c704105d08ad6b46

SHA256
37cba895fb54692417abe77959bb3bac55178969137f04c19cae83291c697719

SHA512
1d6dc907775dbf5d85b49d0d651345f8bda20d96ac80db340c0a2c46124f6aa3cdab696c8409eeebdd4a213f555de9da2872ee07ee2291e383883ed6d9548cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe

Filesize
468KB

MD5
e80d4a6b744e1a6db6c796ea6390f050

SHA1
f8a89fc6349d88d98b91532823ef2860e908178f

SHA256
a5239ccfb7a99af2375ec9485cab7e20f22462b9ef78a7a68fdf8bb003c2a967

SHA512
0ea3ffa3570dd823439b252b13b5dadcef01e77e1f856c0c1883b50f5545e70d817cb12d089e431f404da57df2c2470a0fab7a370ea9b507dc2d07ac24c5201a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe

Filesize
468KB

MD5
9cb379a9d801c387d79b233e3e2f461e

SHA1
432c347790659fd7b2db770cf47d3ba17926220d

SHA256
1f4de43e22880e3f19c62b19ff7ef5654305303063a0266fd3e0767395c8f391

SHA512
dedc54faff26405f6ff311548fb50dd1aa172e70a6fcc325b2bf3b2046a42d7e4f5c678143a69ca8eea8780571d3b2852296449bc9ca10163980d10e29edd32c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe

Filesize
468KB

MD5
f3305803c4c3e2df86823bb2d07d373e

SHA1
b7824558b42a9b5a943bc563e229f7c1f390ff83

SHA256
0293bb0cc5041b3cc345800ff05382206df0429d8cad0ad7ede7eb8fae6f7c29

SHA512
6fc86bf1e85ebc2563d5ae5b46e221732f214ae7786da67afb8cb73fbbc00a86ffa222c03c8e8ce45f0456768c9ced92ea420b283c9132c6fb290ec03a9c6d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe

Filesize
468KB

MD5
812e88b4d078da1b69a987744e384aa6

SHA1
0859db82bae907c8bcd5bbe40e5447472618d984

SHA256
401b3c3be5dfc72ae64a521bc7796501228b983589256928ed067779c9d259f8

SHA512
e07d762085fe5f43273a052218b16b93eb5cb4da5106e5301d6c28fe02d9822604d479a09bb876bae6e06369e09c37ab49ce5e7637c50376b621d20b4254de44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe

Filesize
468KB

MD5
bc57575a72ac766e819453e59e54b89e

SHA1
0dd6d3f0e4460b612f2349ac77689e706fbbd272

SHA256
5ddaee6bfa9a52fa9da75fd813726078abbea96a9f915430b350cbd1715486ef

SHA512
99bc86d05b939aace65e1743075be302163878d239868a41d2d5cabeea8abdee25db6d1a73c068e4a50f80ce8b0c2db036071a33929f6d226f1dddd96206f535

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe

Filesize
468KB

MD5
e926ba3888a5697f6a5527a76aba0d67

SHA1
2ceebf1a1f9d58fb25b5200466af2696a5dee395

SHA256
34208c7b1190322a1d9770c2698641f2203fc0127b185ab3f762a4b5d3ff7635

SHA512
6b175d0a4235960b491cb00719d48e3bd5b8f7f8ed7de29f63be14833280c3c1ad34acb16889fd85f035da04468e3bcd48b55703cbe863223f2b977f4eddbe1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe

Filesize
468KB

MD5
9662ff013f48c84cdf1d103e05b58c76

SHA1
5679cb53189c03dde953358f2f38038010f7eb81

SHA256
fd03e3b071f8e91dc539ad4c45056dc71c2754438af8a6c8ca497481aced520d

SHA512
e1844e17e8f1661bcbf84e998788600cb0dcb86b1cc8d96a960e2d520e73ff8e828d6f1f29c7784593642140991196475a7a75b65f60dd60ffa53d9fd2e32629

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe

Filesize
468KB

MD5
2d726b07eb0f52927072c58a59b3042e

SHA1
28b6c12c627049904c9c1e90cecd4112559ffd0d

SHA256
e31594a93336809af99f5de2c183f0be64d8e0b42ae83ba6c0995b061090fd3e

SHA512
fd3731ca7e831fb7a1a7ff115794feaec32a63460dd683a640c114a5e42525a559e7dcda3857673d0c99c32ff2f330cce78dced926949ede492bdbbe8a99b40b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe

Filesize
468KB

MD5
638e043f8cd44c0bace377ef85dad96d

SHA1
ea22913501c5ed28e4ee36ae195bb32efc63e727

SHA256
a145cb0de5abb06f345c8b0ee990eb3f4c734a71827ccb81af4e15737db1ee50

SHA512
f464639274196734eeb50fe7b9b3e907b0377810b9819dc43d4f1acf8780cba128f6235d6bd3d3267aa95e55717be073ea9219788ae864945564181c79f921c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe

Filesize
468KB

MD5
e8d0ff0db2bf666b76c09df1765b6289

SHA1
2fa3ddf27a76e1e6699917a91c67d6a836cea6bd

SHA256
bd9a97249b1ce706d3c12653a0122472170a26ac47d4cd821cbe2c9159ac8ead

SHA512
4cc4ccbc51b80d72300dbf7517c30508b4c277abc0393779beb32719fa5c6dbae50de9382927e25dfb9e0461939a05fff4f720d9bec610bf254a49edb2c638e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56029.exe

Filesize
468KB

MD5
02d3e843b2e879e110e21c2839f9ae33

SHA1
57f93f985726d66125d2f35f9a03056698b30bb5

SHA256
1e4b05228e33672d6ecafd446526b6ed9296f251bb7bec210b81c773011040da

SHA512
3facf505d540634532d199cfa4d4e1fd2f52831d17427c6a57cd15d6e72ed4c798b4695abc5da20b0e85abb3cdb3fefb0a9ff5c40b14efedd93534d04a0602f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe

Filesize
468KB

MD5
7e2c270e6dc5f9c0118b8381b0185793

SHA1
e9c8c8799c5e057107fdbd3b3c14745310e9f65e

SHA256
ec08d8dd9c12c8b886da66c2463fb729b7b00b2f711a58691ffddaa437daeffb

SHA512
56495f5b9ab98d49eae11c12482788d971d366364ec76f2d7bf59a25e69c12fe05625743b63b0b032dd7828cb839a25a831268ddf63bb9524b7ea3b84afadb02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56735.exe

Filesize
468KB

MD5
109f76b7a59050e7eee991055b353adf

SHA1
67c659c8b37f7379ae423bbae421b8aaca0ce3d1

SHA256
76e84b2c3582dd63f0156b93696628c8e579db57c4a1f4285d3bcd4143c1fa63

SHA512
1e7161366bf6fac54b8325f51bec5c4cc8476eabdbbada76ff27956f5d83e0b7b36274c2c02647c3a56635d755869df3381e3503034c313eead382e6858120c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe

Filesize
468KB

MD5
0b21f27336134ece3fc54977cbec5b38

SHA1
d9369a1315e8db1fbdb4c2d8c9c26e51d0abfb52

SHA256
6daef44c3482771b74ca02da9ce34683716bf7b9296ce078125b4d9479bda5c5

SHA512
1e824cc92edc69a2fa03690b57b6256041484ea0c1834c303612b100aa1f74ac1e259ece8503c9990feaf846ad8c23b2671979f438ef8d74bff9fbf58295c35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe

Filesize
468KB

MD5
8cac6fa8775642bf691a78280c4b079d

SHA1
05d6613548ec59a8b61072721aee8e60d27648a7

SHA256
5398338b0c80c292f208a994ca7e64495dd8e87e586649332af8d7c5ceaefa3d

SHA512
f33a0837fa835ce7cd0ea1f7b88747263b4e6354c0bbe6b5bb4b7c6004c1a6b3ba79c44330aeaee5e5c07cbc148c95f6781f1e8abd57a3722f55be20c6d98523

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe

Filesize
468KB

MD5
0b40d6a53b49987b957105506effe177

SHA1
7f9860110155da894a530c068e8d5fd8dc2eabb7

SHA256
0fe65e2885d3c6c97fba1016e3609bfecfea4255d2ba35d038605545a770faa5

SHA512
137cef4af83015e4eb9e18d9fa6df9301c06a029729730fa0b689642f769c0d133657739f5de18a9c67b7ba071211fa54d0d97eda02e8f23a6a587725b256193

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe

Filesize
468KB

MD5
52391fcb4eb579aa1bb85670e768e1ec

SHA1
7fe344bf9c37bdb24a2fa615ea4b1a38f6137298

SHA256
ad6dd5cf617aea21c2b9695befefe967a792d81187bb34c58ac4245eef68cd0c

SHA512
558d52f3e559da3b1d64168e803ac3a85eb2ed73924e8d705fe5f19b095ecca915dad6398674b9753f7346f0256dcf440eb2ff355333283580ef2b2989b69f5a

Download Submit
memory/440-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/464-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/632-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/648-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/744-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/748-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/784-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/888-188-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1052-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1108-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1188-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1220-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1372-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1520-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1588-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1612-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1624-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1684-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1864-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1872-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1896-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1908-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1956-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2212-109-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2320-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2324-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2328-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2348-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2364-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2476-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2572-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2760-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2932-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2972-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3076-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3088-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3120-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3216-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3232-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3312-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3328-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3328-2475-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3412-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3492-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3504-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3548-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3552-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3568-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3628-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3676-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3708-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3908-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3992-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4164-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4184-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4328-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4384-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4396-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4400-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4404-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4460-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4512-94-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4516-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4724-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4804-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4984-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5228-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5240-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5252-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5424-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5440-484-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5524-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5532-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5540-504-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5556-474-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5636-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5672-498-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5868-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5892-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5964-528-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5988-563-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5996-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6004-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6012-556-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6048-575-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6064-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14604-2502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads