efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2024, 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe
Size

468KB
MD5

945d88d3a2eb73d73c924500b68ac6e7
SHA1

fa4b3cefddf28b95d8ba8060125d8646dc840759
SHA256

efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760
SHA512

05f6b3cdc8cef532480cc292082f6dcdfa5dec115f278a46d12314559f0a619e92d6d3407f06cf9301911cfe54c352f5cb81a095921efeee01ddabc58289d636
SSDEEP

3072:adfnogpxjd8U2bYZBz3yqf8/7C3jyIplPmfI5VRRwwI+1n7GeYl7:adfomWU2aBDyqfQ09DwwvN7Ge

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2380	Unicorn-41088.exe
1372	Unicorn-21576.exe
3956	Unicorn-18046.exe
3824	Unicorn-56848.exe
4832	Unicorn-12286.exe
4716	Unicorn-7455.exe
4020	Unicorn-17661.exe
3792	Unicorn-8327.exe
4240	Unicorn-28534.exe
4924	Unicorn-40040.exe
2684	Unicorn-1045.exe
3000	Unicorn-65120.exe
2516	Unicorn-56495.exe
4660	Unicorn-61591.exe
376	Unicorn-32256.exe
4252	Unicorn-65032.exe
4380	Unicorn-12302.exe
4760	Unicorn-32744.exe
4724	Unicorn-59286.exe
212	Unicorn-59168.exe
3696	Unicorn-43143.exe
4752	Unicorn-18712.exe
3608	Unicorn-47855.exe
4900	Unicorn-42448.exe
1400	Unicorn-25920.exe
2744	Unicorn-51966.exe
4908	Unicorn-19864.exe
3104	Unicorn-28032.exe
3128	Unicorn-24502.exe
2876	Unicorn-38238.exe
4736	Unicorn-63423.exe
1268	Unicorn-41304.exe
3984	Unicorn-10935.exe
3740	Unicorn-10935.exe
3456	Unicorn-48247.exe
2036	Unicorn-51776.exe
2792	Unicorn-31910.exe
3796	Unicorn-45646.exe
2384	Unicorn-50551.exe
100	Unicorn-42456.exe
3560	Unicorn-50438.exe
2296	Unicorn-12087.exe
4352	Unicorn-9134.exe
1696	Unicorn-4303.exe
3900	Unicorn-20064.exe
3208	Unicorn-41038.exe
2548	Unicorn-62824.exe
3992	Unicorn-42766.exe
1180	Unicorn-6031.exe
2588	Unicorn-46680.exe
4284	Unicorn-50359.exe
3848	Unicorn-21600.exe
840	Unicorn-50743.exe
2708	Unicorn-42486.exe
3212	Unicorn-43904.exe
4176	Unicorn-27952.exe
1156	Unicorn-5293.exe
4488	Unicorn-13461.exe
848	Unicorn-19326.exe
1064	Unicorn-26800.exe
4848	Unicorn-48910.exe
1808	Unicorn-44950.exe
4820	Unicorn-47775.exe
5116	Unicorn-20744.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1032	4736	WerFault.exe	118
12204	8424	WerFault.exe	399
13540	11000	WerFault.exe	543

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59943.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16084	dwm.exe
Token: SeChangeNotifyPrivilege	16084	dwm.exe
Token: 33	16084	dwm.exe
Token: SeIncBasePriorityPrivilege	16084	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe
2380	Unicorn-41088.exe
1372	Unicorn-21576.exe
3956	Unicorn-18046.exe
3824	Unicorn-56848.exe
4832	Unicorn-12286.exe
4716	Unicorn-7455.exe
4020	Unicorn-17661.exe
3792	Unicorn-8327.exe
4240	Unicorn-28534.exe
2684	Unicorn-1045.exe
4924	Unicorn-40040.exe
3000	Unicorn-65120.exe
376	Unicorn-32256.exe
4660	Unicorn-61591.exe
2516	Unicorn-56495.exe
4252	Unicorn-65032.exe
4760	Unicorn-32744.exe
4380	Unicorn-12302.exe
4724	Unicorn-59286.exe
3696	Unicorn-43143.exe
4752	Unicorn-18712.exe
3608	Unicorn-47855.exe
212	Unicorn-59168.exe
1400	Unicorn-25920.exe
2744	Unicorn-51966.exe
4908	Unicorn-19864.exe
3104	Unicorn-28032.exe
2876	Unicorn-38238.exe
4736	Unicorn-63423.exe
3128	Unicorn-24502.exe
4900	Unicorn-42448.exe
3984	Unicorn-10935.exe
2036	Unicorn-51776.exe
3740	Unicorn-10935.exe
3796	Unicorn-45646.exe
3456	Unicorn-48247.exe
1268	Unicorn-41304.exe
2792	Unicorn-31910.exe
2296	Unicorn-12087.exe
2384	Unicorn-50551.exe
3560	Unicorn-50438.exe
2548	Unicorn-62824.exe
4352	Unicorn-9134.exe
3992	Unicorn-42766.exe
1696	Unicorn-4303.exe
1180	Unicorn-6031.exe
100	Unicorn-42456.exe
3848	Unicorn-21600.exe
3900	Unicorn-20064.exe
2708	Unicorn-42486.exe
3208	Unicorn-41038.exe
840	Unicorn-50743.exe
848	Unicorn-19326.exe
4488	Unicorn-13461.exe
1064	Unicorn-26800.exe
1808	Unicorn-44950.exe
4284	Unicorn-50359.exe
3212	Unicorn-43904.exe
4176	Unicorn-27952.exe
1156	Unicorn-5293.exe
368	Unicorn-20552.exe
2588	Unicorn-46680.exe
4848	Unicorn-48910.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 2380	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	89
PID 4468 wrote to memory of 2380	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	89
PID 4468 wrote to memory of 2380	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	89
PID 2380 wrote to memory of 1372	2380	Unicorn-41088.exe	92
PID 2380 wrote to memory of 1372	2380	Unicorn-41088.exe	92
PID 2380 wrote to memory of 1372	2380	Unicorn-41088.exe	92
PID 4468 wrote to memory of 3956	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	93
PID 4468 wrote to memory of 3956	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	93
PID 4468 wrote to memory of 3956	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	93
PID 1372 wrote to memory of 3824	1372	Unicorn-21576.exe	96
PID 1372 wrote to memory of 3824	1372	Unicorn-21576.exe	96
PID 1372 wrote to memory of 3824	1372	Unicorn-21576.exe	96
PID 2380 wrote to memory of 4832	2380	Unicorn-41088.exe	98
PID 2380 wrote to memory of 4832	2380	Unicorn-41088.exe	98
PID 2380 wrote to memory of 4832	2380	Unicorn-41088.exe	98
PID 3956 wrote to memory of 4716	3956	Unicorn-18046.exe	99
PID 3956 wrote to memory of 4716	3956	Unicorn-18046.exe	99
PID 3956 wrote to memory of 4716	3956	Unicorn-18046.exe	99
PID 4468 wrote to memory of 4020	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	100
PID 4468 wrote to memory of 4020	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	100
PID 4468 wrote to memory of 4020	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	100
PID 3824 wrote to memory of 3792	3824	Unicorn-56848.exe	101
PID 3824 wrote to memory of 3792	3824	Unicorn-56848.exe	101
PID 3824 wrote to memory of 3792	3824	Unicorn-56848.exe	101
PID 1372 wrote to memory of 4240	1372	Unicorn-21576.exe	102
PID 1372 wrote to memory of 4240	1372	Unicorn-21576.exe	102
PID 1372 wrote to memory of 4240	1372	Unicorn-21576.exe	102
PID 4832 wrote to memory of 4924	4832	Unicorn-12286.exe	103
PID 4832 wrote to memory of 4924	4832	Unicorn-12286.exe	103
PID 4832 wrote to memory of 4924	4832	Unicorn-12286.exe	103
PID 2380 wrote to memory of 2684	2380	Unicorn-41088.exe	104
PID 2380 wrote to memory of 2684	2380	Unicorn-41088.exe	104
PID 2380 wrote to memory of 2684	2380	Unicorn-41088.exe	104
PID 4716 wrote to memory of 3000	4716	Unicorn-7455.exe	105
PID 4716 wrote to memory of 3000	4716	Unicorn-7455.exe	105
PID 4716 wrote to memory of 3000	4716	Unicorn-7455.exe	105
PID 3956 wrote to memory of 4660	3956	Unicorn-18046.exe	106
PID 3956 wrote to memory of 4660	3956	Unicorn-18046.exe	106
PID 3956 wrote to memory of 4660	3956	Unicorn-18046.exe	106
PID 4020 wrote to memory of 376	4020	Unicorn-17661.exe	107
PID 4020 wrote to memory of 376	4020	Unicorn-17661.exe	107
PID 4020 wrote to memory of 376	4020	Unicorn-17661.exe	107
PID 4468 wrote to memory of 2516	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	108
PID 4468 wrote to memory of 2516	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	108
PID 4468 wrote to memory of 2516	4468	efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe	108
PID 3792 wrote to memory of 4252	3792	Unicorn-8327.exe	109
PID 3792 wrote to memory of 4252	3792	Unicorn-8327.exe	109
PID 3792 wrote to memory of 4252	3792	Unicorn-8327.exe	109
PID 3824 wrote to memory of 4380	3824	Unicorn-56848.exe	110
PID 3824 wrote to memory of 4380	3824	Unicorn-56848.exe	110
PID 3824 wrote to memory of 4380	3824	Unicorn-56848.exe	110
PID 4240 wrote to memory of 4760	4240	Unicorn-28534.exe	111
PID 4240 wrote to memory of 4760	4240	Unicorn-28534.exe	111
PID 4240 wrote to memory of 4760	4240	Unicorn-28534.exe	111
PID 1372 wrote to memory of 4724	1372	Unicorn-21576.exe	112
PID 1372 wrote to memory of 4724	1372	Unicorn-21576.exe	112
PID 1372 wrote to memory of 4724	1372	Unicorn-21576.exe	112
PID 2684 wrote to memory of 212	2684	Unicorn-1045.exe	113
PID 2684 wrote to memory of 212	2684	Unicorn-1045.exe	113
PID 2684 wrote to memory of 212	2684	Unicorn-1045.exe	113
PID 2380 wrote to memory of 3696	2380	Unicorn-41088.exe	114
PID 2380 wrote to memory of 3696	2380	Unicorn-41088.exe	114
PID 2380 wrote to memory of 3696	2380	Unicorn-41088.exe	114
PID 4924 wrote to memory of 4752	4924	Unicorn-40040.exe	115

C:\Users\Admin\AppData\Local\Temp\efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe
"C:\Users\Admin\AppData\Local\Temp\efd979a38658de95bc654f2ee207d90cd71ca1b5a03e5036854c45a5285be760.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41088.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41088.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8327.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        10⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
        11⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        11⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        11⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        10⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        10⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        9⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        9⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65151.exe
        9⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
        9⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
        10⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        10⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        9⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        9⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        9⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        9⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        9⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        9⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
        9⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        10⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
        10⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        9⤵
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        9⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        8⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
        9⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        9⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        9⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
        9⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        9⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
        8⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        8⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        8⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
        8⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
        9⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
        8⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
        8⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
        8⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
        8⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        9⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
        9⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        8⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        8⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        8⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13741.exe
        7⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        6⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6926.exe
        8⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        8⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        8⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        9⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        8⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        7⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        7⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14749.exe
        6⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
        7⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        6⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        7⤵
        Executes dropped EXE
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23552.exe
        9⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        10⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        9⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        10⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        9⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        8⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        8⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51415.exe
        8⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        7⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        9⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        9⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
        9⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        8⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        8⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        8⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53888.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        7⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        7⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        8⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
        8⤵
        
        PID:16732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        8⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        7⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        6⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        6⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        8⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        8⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        8⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        8⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
        9⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        9⤵
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        8⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        7⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        7⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        7⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17774.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        7⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41174.exe
        6⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49880.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        7⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        6⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        8⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        6⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49077.exe
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        9⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
        10⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        9⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
        9⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        8⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        9⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        9⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        8⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        8⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        10⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
        10⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        9⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        8⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        8⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
        7⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        7⤵
        
        PID:17240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        9⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        8⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28533.exe
        8⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
        7⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        7⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        7⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        6⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        7⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        6⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        7⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12534.exe
        6⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        6⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        7⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        6⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        9⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25542.exe
        9⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        9⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        9⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44904.exe
        9⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        8⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        8⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
        8⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5249.exe
        8⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        7⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        6⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38743.exe
        6⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36752.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        6⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34349.exe
        5⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        6⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36368.exe
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        5⤵
        
        PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        7⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        6⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        5⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        7⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        6⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41759.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        5⤵
        
        PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        7⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        7⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        6⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        5⤵
        
        PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12877.exe
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35752.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        7⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        7⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        6⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        6⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26934.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        6⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        7⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
        5⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        6⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        5⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        6⤵
        
        PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        5⤵
        
        PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
      4⤵
      PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        5⤵
        
        PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
      4⤵
      PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
      4⤵
      PID:7948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        9⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        9⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        9⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        9⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        8⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        9⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        9⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
        8⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        8⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        9⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        9⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        8⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        8⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        7⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        6⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        8⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        8⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        8⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
        9⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        10⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        10⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
        10⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        10⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31725.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        9⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        9⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        8⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
        8⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        8⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        7⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        8⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        8⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        7⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6733.exe
        7⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        6⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        7⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        6⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        7⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        7⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45792.exe
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        7⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        6⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        7⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        6⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34589.exe
        6⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
        5⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        6⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
        5⤵
        
        PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34432.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        7⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        6⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21350.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        6⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        7⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        7⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        6⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5709.exe
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        6⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13911.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
        7⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
        6⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
        5⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        6⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        6⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        6⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
        5⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        5⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        5⤵
        
        PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        5⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        5⤵
        
        PID:15436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24832.exe
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
      4⤵
      PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24573.exe
      4⤵
      PID:15056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14743.exe
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        7⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        6⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
        7⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 724
        8⤵
        Program crash
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        7⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        6⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        5⤵
        
        PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40438.exe
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        6⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11095.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63687.exe
        6⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30077.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        6⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        5⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        6⤵
        
        PID:17360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        5⤵
        
        PID:728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        5⤵
        
        PID:15136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
      4⤵
      PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        5⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        5⤵
        
        PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
      4⤵
      PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
      4⤵
      PID:12648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30091.exe
        6⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        5⤵
        
        PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41936.exe
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        5⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        6⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36214.exe
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        5⤵
        
        PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40630.exe
      4⤵
      PID:12116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        5⤵
        
        PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
      4⤵
      PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
      4⤵
      PID:10472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45672.exe
        5⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        6⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
        5⤵
        
        PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
      4⤵
      PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        5⤵
        
        PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
      4⤵
      PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37592.exe
      4⤵
      PID:928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
    3⤵
    PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
        5⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        6⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28238.exe
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        5⤵
        
        PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
      4⤵
      PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23648.exe
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17870.exe
        5⤵
        
        PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
      4⤵
      PID:12960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
    3⤵
    PID:9068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
    3⤵
    PID:14424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        8⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        9⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        9⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23229.exe
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        7⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51022.exe
        7⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        6⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        5⤵
        Executes dropped EXE
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        9⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        8⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
        8⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        8⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18549.exe
        7⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52031.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38743.exe
        6⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        6⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        7⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32935.exe
        6⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
        5⤵
        
        PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 716
        5⤵
        Program crash
        
        PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        7⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        6⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        7⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
        6⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28135.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        5⤵
        
        PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
      4⤵
      PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        5⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        5⤵
        
        PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
        5⤵
        
        PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
      4⤵
      PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
      4⤵
      PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
      4⤵
      PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
      4⤵
      PID:14544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        8⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23142.exe
        8⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        7⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57703.exe
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        6⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3935.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7599.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        8⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        7⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        6⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        6⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        6⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        7⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        6⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
        5⤵
        
        PID:12696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        7⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        7⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        6⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1703.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        6⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41023.exe
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        5⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        5⤵
        
        PID:16540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        5⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22288.exe
        5⤵
        
        PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62775.exe
      4⤵
      PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
      4⤵
      PID:14352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57168.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43296.exe
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        8⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        7⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        6⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
        7⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        6⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        5⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        5⤵
        
        PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        6⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
        5⤵
        
        PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
      4⤵
      PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        5⤵
        
        PID:13728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22190.exe
      4⤵
      PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
        5⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        5⤵
        
        PID:10592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        5⤵
        
        PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
      4⤵
      PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        5⤵
        
        PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45439.exe
      4⤵
      PID:9664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
      4⤵
      PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
      4⤵
      PID:10420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
      4⤵
      PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13542.exe
      4⤵
      PID:16268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
    3⤵
    PID:10692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
    3⤵
    PID:15196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
    3⤵
    PID:14792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4895.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        8⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
        8⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        7⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        7⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        6⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        7⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
        7⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        6⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        6⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        7⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        6⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        5⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49343.exe
        5⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        6⤵
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        5⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
        5⤵
        
        PID:14788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        5⤵
        
        PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
      4⤵
      PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        5⤵
        
        PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
      4⤵
      PID:11228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61670.exe
        7⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        7⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48095.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        6⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        7⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        7⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        5⤵
        
        PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6654.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        5⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
        6⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        5⤵
        
        PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
      4⤵
      PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        5⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        6⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        5⤵
        
        PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
      4⤵
      PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        6⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37382.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
      4⤵
      PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
      4⤵
      PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5583.exe
        5⤵
        
        PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      4⤵
      PID:13700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32320.exe
      4⤵
      PID:4620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
      4⤵
      PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32877.exe
      4⤵
      PID:13004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
    3⤵
    PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
      4⤵
      PID:8424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 720
        5⤵
        Program crash
        
        PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
      4⤵
      PID:11380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
    3⤵
    PID:8908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
    3⤵
    PID:1124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
    3⤵
    PID:17140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
        5⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        6⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        6⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        5⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        5⤵
        
        PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
      4⤵
      PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        6⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
        5⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        6⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        6⤵
        
        PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
      4⤵
      PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
        5⤵
        
        PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
      4⤵
      PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        5⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
        5⤵
        
        PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
      4⤵
      PID:14980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
      4⤵
      PID:16924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41038.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        5⤵
        
        PID:11068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
      4⤵
      PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
      4⤵
      PID:9588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
    3⤵
    PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
      4⤵
      PID:15316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
      4⤵
      PID:7480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
    3⤵
    PID:9444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        5⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        5⤵
        
        PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        5⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
        5⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        5⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
      4⤵
      PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
      4⤵
      PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10855.exe
        5⤵
        
        PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
      4⤵
      PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
      4⤵
      PID:16524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
    3⤵
    PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
      4⤵
      PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
      4⤵
      PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        5⤵
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6733.exe
      4⤵
      PID:13424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
    3⤵
    PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
      4⤵
      PID:10052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
      4⤵
      PID:12520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
    3⤵
    PID:11052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
    3⤵
    PID:9616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44950.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
    3⤵
    PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
      4⤵
      PID:14712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
      4⤵
      PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
      4⤵
      PID:16096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
    3⤵
    PID:11240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
    3⤵
    PID:14664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
    3⤵
    PID:14964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
  2⤵
  PID:5992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
    3⤵
    PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
      4⤵
      PID:3716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
    3⤵
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
    3⤵
    PID:5208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
  2⤵
  PID:6780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
    3⤵
    PID:16356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
  2⤵
  PID:8728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
  2⤵
  PID:9920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
  2⤵
  PID:3952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
  2⤵
  PID:14108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
  2⤵
  PID:14648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
  2⤵
  PID:8868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
  2⤵
  PID:16120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4736 -ip 4736
1⤵
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 8424 -ip 8424
1⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 11000 -ip 11000
1⤵
PID:5672

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe

Filesize
468KB

MD5
ad69c01d107df6bb80450429dc26f0df

SHA1
385e9722a15086749f159123197a64983057b38b

SHA256
48a4bfb53d2cd334318855f8301bf418a01cfbcce3b231a80f56a3de0a2e06ac

SHA512
7a6bd9d6bec7f72d739d2ac3c57a93dd9905ea55cc5ef487ead464cc3a01a1da56c88b9891844adfe88c0120ea3bb5377e196d82ac2655d5ae623bbd3c0b9caa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe

Filesize
468KB

MD5
9edd75a46952404e460f972db8f09ed6

SHA1
58d368492917d973f9085abb274b0278ed52f067

SHA256
380d936e768f71e4be42de87dbc18716e90dd34fd5d804a028f4dffd5e47c912

SHA512
8dbc5a90d7cb18aadcb71807fa3f3509e0e8c51a90668999e645c05a75b3d892858a64b27bc929a7882c09b8051cc119ec971b1a695b22b448177ce43b66b965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe

Filesize
468KB

MD5
32bda929a744a360b7d355d16946592a

SHA1
a8bcd3388470b8d8d7aa2ce10987c0cee2663d90

SHA256
2593b42d404e41e335b31646548aa6293084b011d1e468127f314d4aa096ccfb

SHA512
4b7b538fbb87ee63aa7647bd8c2a25a97a0c59dbf2cee5d592c2bfb7e86366244b82c1205660c1b85d49e97a33614bfd9d0b7b784c820268b3cb72bba3b50be1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe

Filesize
468KB

MD5
904515b484642a1a247c5e2bc596ac5a

SHA1
1e077aa1a0fca45084283bc8de23ff708a29cd5e

SHA256
9c7573f345114b13d9b874c9b2d0bbe449642917c5dc4bd132426d212e78aa68

SHA512
2a7590d7824bb3b7d9a046381688ae50af616ea80ea3867feaa62ba3ee2522039c48a6f5d58b6fdf7b6633020f46c7aaf8d8f7c0ad8b32b53ce7555d0b1a36b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe

Filesize
468KB

MD5
31784c591187bee92ee67038598c031a

SHA1
9382c383d3398a35db6a3068266a8c7b9c83d8d1

SHA256
08497bc9e9454acbd93c2096bd5524db4c55c0e62c509db898a8fa5916818644

SHA512
028c5655eb911f5bf59eb6932582019cade36d2b92e1d452629a0d169e086ee59e223a336a6f791bb243fbb2b3e0a5a601889fc8cc3c9a577f5f4bdfb10df2d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe

Filesize
468KB

MD5
f9a23af5a9d6fc5c1246ae9aa27e4b16

SHA1
d071facc5a8756ab705f5ab5bef981449f31ac47

SHA256
12fbd0d41b4106513b45717a949b76b9a5b63b23a8d237e2a845e328a88e88f7

SHA512
67d51de50dced7da6da59af03a6a640acd059ff3f1f89fbacfd001c46148ea17c42ac92dc38900ee7f816ba167deb6b84776e5abc886036596c9bc2ca5b87950

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe

Filesize
468KB

MD5
50af2a3a6c44655088666f859239d23f

SHA1
292532b7615a7a04951a7f3f44484d9bba93f997

SHA256
218de21108bea5e2e56146bae72cc30e6436d877d22fb2b255d85b6d45e2396c

SHA512
1f0f4162b262d43ee5f7516b999a7c48cc272614f550534221f307002434d889ea8694ec7a9ebef7b8d69093ce40820744881e01e0da8117fce0e62c8b561afe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe

Filesize
468KB

MD5
48b419f30264c11893568e8033a5a1bb

SHA1
187acffc8adadca2d74b6ccd07d135a391c9d07e

SHA256
de9a297011cdb76ba81de9c9958147a755cfc7b14cabc90f15c231148606702b

SHA512
f3d79f0df4fec6a695a87cd011b612a875dad1768368e5caa044b3e570e3005fc589c8544cdefe9fcd0534f82775ed06970ab5c98d4f9a9fbc6d71424f815804

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe

Filesize
468KB

MD5
3d9ad5e4c4ac19c461da4f664fa41ac9

SHA1
a55c11f6932a7aa91285cc00459e07ff3369d5ba

SHA256
e222915d9767ae93a72fe8a4e0f72612be15642a24bcd0f0f788c83b40cb997d

SHA512
0c288240f143ceed42e802db94bad9e54be7775a96749a56d614264f39834f8df86f3cfdb62c0113c4128797fb51a3f0d25efc152754faa2ba6d27966fcaeec5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe

Filesize
468KB

MD5
5975058a62ac604ddb8187c7261a4289

SHA1
8b735248a56814a05a721ea42a09c6a6ba2ad3ae

SHA256
91b85e00d6fadef2881523d29a91d6fae1a60022e95158540b2455b1edad38b4

SHA512
40f50e7004946a5b2ec6e2facdce8b839db3566923d44657accb131fbbdd755eb4a94dffc4e7e2967fc0b434d263f70656befb96dc7a4bbcb93cd46ef4ddd56f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe

Filesize
468KB

MD5
9bb36c7f697504a4d2d013c8b6b583c6

SHA1
0ff48ca4964e21e509056706a6786f9a41735e63

SHA256
6d1dbf159d5d3d5a674b0c6c15c4eebdf09944450083dee7f4a6bf6aa5dc4ae8

SHA512
ff043d955478a0353df8a6d00e75c38ccda7bd67dbb01ceec663372eb06c5ee078f75f2bca43c2348d6221f3404569a41c594f32284c8b101061dd1d4e114377

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe

Filesize
468KB

MD5
cbd07f0b16a46906bc3886828f8fa46c

SHA1
0f70b9d412b27fd947933f6cb4caa237b2c39732

SHA256
8e449339813ba8c92e94191e0f7119b7b0f30d935eb6cc3794d396398a46c847

SHA512
dec8ab2b8cb6c8a4f460d61dc4ac863a0105df94d19e374e8db36480d47d3cba5b0d99ad06849a20d0eb6232d35699e286b90ae4303bffae59b0de95e1ebc9ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe

Filesize
468KB

MD5
3691dfffb27758a4341b9ef966f034f4

SHA1
b3255ae3795098c26c89d02a88ae3171a51ade1b

SHA256
06f1000ea4e9c57e4eb1d7a3f86e212c039c557257767953501aec4e839ad632

SHA512
2b6dad137cd09d76db9741e231dff1d2fd26fc1aba5bc0aa4fb5a5d3a12494e55065435c6c3b7e241df684f857ea530973289b03fc6a2766c90ef7d5758c4bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe

Filesize
468KB

MD5
a3bbd6175bd416eb734be4ab4211619e

SHA1
25c81d5246a8d3ff67195cc60b7568a11819d85c

SHA256
8f6f62776238591f618f44ae689fe5d9af353bb75b7926b7929c87152bf3e9de

SHA512
22a156c059f110c987e9be673b2cb6a9de9c93f08bcfcd07581f07bb6713f6c0fb4ed5ac8ce7d554a9e885626e492f1049d29831925793631a6b921eb9ff9666

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe

Filesize
468KB

MD5
b92642071f831afc851383495da43989

SHA1
01c42351b094321049b457a41ad1080683992e18

SHA256
3521d8701753e8833f070ff5312a10769a43beeb32dd175d9dab95ef4b7c8ebf

SHA512
224f22b02925f3cc7ef164d7f75bca729295938aa7205fa9710dded12fbf5a7127be880b63985d3e9460129a03c8ec97cb6862f42050d7f839c9cd5f622d7f48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32744.exe

Filesize
468KB

MD5
b380907e68954cf51d52b33b22310a41

SHA1
04a53c30cc5b2388d5362008d519500cd9e0b28b

SHA256
8f0b518b807b61926f5511bcd7ba5bd88e5555788bde2d2d5427188748522c85

SHA512
5bad4e2963cd06fe3dc7541d8b49ea38bbe16752a33dc396eca7ec454b9d8558641109017042a3d0f64ff8aa35c920a1e9d19a982dff1cf627c2ef21cda5e074

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe

Filesize
468KB

MD5
d9a5c62bd15eff0b31d122de9066bd5e

SHA1
5a970993f1f3044cac24b98ad42293ee6730cc41

SHA256
a8d2a35cdde83d632ae2f0766c997d3d1814ed6e4636385f64b1f5db22f2817b

SHA512
83a31a3fa9537059cbd398514174cba44feade26a9b16ef9d3ff2cde4f64a2f5f0eef4731b843aa49d07d62aa1c437fc1023c1cd6844b760337583ae4bc82f06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe

Filesize
468KB

MD5
302ef38e557148593c72906bb4f66adb

SHA1
d5d12a3f3026752174c4109a41b8fc5fa0db5ebc

SHA256
267f1142626f12f20c283186c88e2658ce171b621974dca6cfef4f685b1650ab

SHA512
bb0a0390c12dc1e256df56faf8efa7b0b77d9031adec63f84ff469d77b7d9f19a0b4186d45f6ac16a8c964261dbfa4bcb856736d36dc164af005bef63a0f2ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe

Filesize
468KB

MD5
ed6fa7f114858a282b22048ecce328ca

SHA1
a669d2258647449b2f346b55cbdaa3b953f47357

SHA256
b17307229b4d2ac10359135e5eced9857063293cf090681755e8823aa4d3925b

SHA512
000d251691d163b9f179f32b03af2ba7608238d10b06fbfc675893cdbbf3b805074b213d306efb4d83043a5f15bafb3a1b65b0729599753e321b8b1be6313944

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41088.exe

Filesize
468KB

MD5
afd98a3a19da2b544b33dd7e08af5732

SHA1
8b55b287794be3b973dcfd7ebf5c9b0743292c28

SHA256
376359b8cc2d053fe09e5563757d6bfe181f729cac3714992cdb8b09e6d64157

SHA512
e1b0e7e06d44db1bf97e35bedc7d30a62b2cbabdb7a6a4e10714f6f11dcc3da63f5fdf2b6d80ca3171b3498a331d92e9484c508394c83f763d86600693b6f354

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe

Filesize
468KB

MD5
790a589806921b6655cd72fbfeca7612

SHA1
e5996811a36ca906fefafdf2185a11e2db189ebc

SHA256
1e02f8b077cd85c8b3fa6f4f327560a6bad05e805b5a592a17816bbd2f49c075

SHA512
8ba4b18b661089e88e61af46e14027e28dc7b8a7c680114fa91c170868eae1c1c85f9d3c849e6269dc8fedf724475fa7c3676dcf7051df71ab42ea12faff83be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe

Filesize
468KB

MD5
b85a6a7c60d9caf2b9c197fb8fad466b

SHA1
9cbd6c48f0b46cd125546a4a8fbb79e8e1cb877c

SHA256
38baeddbc5f1d551337c16dcb487dff95d58684fdebf917ef829f3426a9e49e5

SHA512
c2b432f3f17b08b324a5ff829719509820b07dc42738a167fd7190173b82787b96d5886678cc7f56749843c2fec28d773a403987927d901f66b8ed984b4f2a5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe

Filesize
468KB

MD5
35e7c6672d2cedb68619118304615c0b

SHA1
1ce26b90c9ad43b6b76831df0e798e225230177b

SHA256
6389d23c752e6aae0720f7000834e129b85da2fa20bc9f966de7f6b2da54e463

SHA512
aea3e9b2b608069e508a48b6a3c382960133d6fb2c714e3a342f4b1ecc2bcd651a4e79ff2a3e90c55f99577361611854b6b552cc42258c85a815547fa8394179

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe

Filesize
468KB

MD5
29c86335c23a08b638c6ab03e52d61eb

SHA1
6ba3a5d691524278bf4ce8bc76dddf013d595ef9

SHA256
721fa63c0e4232d169422ee8117ff00602d9ae9c71437fcd69c30eb40e01e802

SHA512
e93b6710729294091680618cce2e20c3842d760c87e21d2442f5b31479fe33f0ca767b6b36e4244e42b42580f20d5010380da3aaa47b6b6eaac73395251e901c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe

Filesize
468KB

MD5
6209e2e188cb59eed90cb161c53ffaed

SHA1
97d323f1bae12decbc9dd6ba7453f46dc8f5dd70

SHA256
659edf7dc275159a51adf240112f6c10d55c0d130be76fa9341bb6d688a8f4e6

SHA512
b2f189888b7050ceb76ba19e60f6c49a51d79fa9794fb8eb5a7cf1e22feb25217159eed231e30266ac46ddb77e4c1f058a41694de0715a29d1f59e9f55d391a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe

Filesize
468KB

MD5
23572f3d9e04de4a9b63340d330fb9aa

SHA1
f913bd6cc2347ef8b2342c6ba5e03bdaacf8a13b

SHA256
12d2b966c032a230aadab65b82e76c99a727a71d90fedd68cce6da6235f338ef

SHA512
10b786a56f09f119263035aa7ee9804cb7534a18d89bb5748c0613ed00ff4fbfe27d4dd8f94b0e0e6fa6c22e312eb7541ffaf40c5e472c847c401bd6f8def36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe

Filesize
468KB

MD5
0298cd58a81c7f114288fbe35d199559

SHA1
696a2ba9908a678cf646896d778bff68c5e484ab

SHA256
8c99115fb89ebba39f53a77d613ebe1a195f307989de4edbb935e579cd516865

SHA512
976130403e836bed8ebe4334d88d7cf0b2b5cf6a0fc1b3caea4d068a6b8098f313a7cc11432705e58e8452598dbb65b292f3c64e3ffb8618646983909821dd60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe

Filesize
468KB

MD5
95288f54f4dc824287232ddbf3965909

SHA1
ac6214c2b788b158c9e0512c2ab7ba48d0228237

SHA256
68e344497284ad667e5d551a9d99f17cec80825a986f01f49d30c54b222df38e

SHA512
001dd4cc0118b0f40892b9cd44b12ff76d1ef51333567de568b5441899c155ed0ea23f48d373d97d71a3e92c0a74d73bd440024daac7481db9722d0b2606ba2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe

Filesize
468KB

MD5
7b39c16dc0ace0d4ec8d19972209e8b1

SHA1
5d62545d19e88c0cee786f977ce241c0a6ebe9d8

SHA256
4898d53de985f3b6a856352cbf84074110649896752dff2ce95ef3c9cb07a0c8

SHA512
72dacd91da99c48db80d41551038aaa9a0b213e6dffc0f72d1da55da179626a6b8e5e37cae1127a39f89aa2afe8da06fe74166c1cadcffb392bd74bdc0bca8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe

Filesize
468KB

MD5
7e9f9c4d0f3ab33a7e5a9710af912617

SHA1
9d9106fb9d474937cb74ee71da6f285ea1824172

SHA256
e1b87f24f35b2efd0ba6ad673ebcb4b27d666c77c0ddc0032bebbb7466ee598e

SHA512
b0bc22a3228ef385ccae33a26bea2185de894ae2ae080428735a812b526a692e0c2356c436187d8c64f485e13d12c3f85f057caeeea464b68cb8eb4cc43873bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe

Filesize
468KB

MD5
e32e519ae1b78de8e11e797324e68caf

SHA1
46a024bde1317bff54e1a67d4aa906a0388c9ebd

SHA256
82430203787b87d6d6481393de0a5c9b068a7a39a416554521c918f88339b3b6

SHA512
36617931b93304799097a78c4974eb32233fb5da148b983e8e2170066773ee67fb3ee731a671bc4c4f329f889845f7b282ee308a444ce312f7eba4b0a50436a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe

Filesize
468KB

MD5
d0a25769f35111a967dd0009e48356e1

SHA1
e0f5def9ce54656e9cd7615a508a5f41ec570975

SHA256
995c17b752c759834aef1a7946a0985653b9f7c5faf8ee4d3b350b06e1938a31

SHA512
575904c9a045558aa796799ca08e3eb9c18c2d08bd78553e0149a33f8413aa358c85646552703bea5eb5a52798b6bf87e0928d171e4001f0e716b37792d19d3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe

Filesize
468KB

MD5
fcd8517537a83e221b342b2f636236c1

SHA1
72fde7a0f386dcad90db1cf6e70d626a6691b070

SHA256
b10d97a30e7e8266ac75a2d1fe64fec74df2eca0fe8452b8075df703277d0256

SHA512
c14039453908a83fab0650a46dbd5070e41f74cee7756fd163dd82794b6912a9bc49a58ca33ff8422bc5ffa2695f75463aee4569c783c856a5d747de02747c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe

Filesize
468KB

MD5
6a2a321ca0970ec3b46c3fd23b918b23

SHA1
26348f4b7950b2dae9e63bd05deb910cf8e0b300

SHA256
97d8f20f448063df3d3cd0d251d696ad09e70af706dfd95ea7cd2f71a4c5a36f

SHA512
b6cd88e47b2b9101071694a62af15fc5aa905d1e5ea639a4feea8f1c76110ddc51d2c7a66b59a54996d6573938d1e686b1a9939c174414c813d57e93b2d018ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8327.exe

Filesize
468KB

MD5
2cc9efd1443ad64cbca36ad21df8bc98

SHA1
b4730e2f77f7cd97cdaab03269682110e9b2bd8b

SHA256
0fe9031070df7db8fca747a35c52ad29228bf2654ca1a9309420c74cdcf65835

SHA512
70ae7ceed22c64de827fb663cb7bb8ff994ff77dc34d78fe6f3fdb864a4674cc19ec695f7be413ac16de2244f76b180dc4f31848f7c7464f29cff188703f5a5b

Download Submit
memory/100-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/212-138-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/216-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/368-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/376-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/840-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/848-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1156-355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1180-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1268-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1372-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1372-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1400-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1504-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1696-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1716-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1720-426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2036-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2296-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-499-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2384-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2440-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2548-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-73-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2744-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2792-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2944-2828-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3128-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3208-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3212-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3456-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3608-158-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3696-147-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3740-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3792-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3796-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3824-568-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3824-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3848-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3900-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3956-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3956-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3984-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3992-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4020-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4040-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4052-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4140-452-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4176-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4240-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4252-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4284-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4352-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4380-116-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-496-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4488-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4564-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4660-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4724-129-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-206-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4736-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4752-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4760-124-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4800-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4820-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4832-574-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4832-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4900-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4908-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4924-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5116-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5140-487-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5172-488-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-564-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5248-497-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5260-498-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5296-500-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5312-508-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5340-517-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5648-2830-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5684-525-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5836-527-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5880-565-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5936-571-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13344-2826-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13380-2832-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13416-2827-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13536-2823-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13604-2829-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13700-2822-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14124-2824-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14196-2825-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14328-2831-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14680-2816-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14992-2818-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15864-2821-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16116-2820-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads