dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe
Size

468KB
MD5

3e6cbf08d3facf86ada838742a158f0a
SHA1

a8e150314821c9e34c350809a2f6fbf7d22ac8d2
SHA256

dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e
SHA512

4ed2f7e9906f8b585b7c8349c0ecfa7118145b3b59e55490500ddf401ce81123cad4ac566ed2e99b1f002f3cd4c10147c235b81bc431e327a4d1fce59177e8d5
SSDEEP

3072:pqACogIGIU5AtbYQPzcjYf9/EChCPIaqnRHQjVMQxtDLFOMuD4l8:pq1o/cAtLP4jYfo/zXxtHcMuD

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
880	Unicorn-25128.exe
1688	Unicorn-33016.exe
1604	Unicorn-62159.exe
3560	Unicorn-46176.exe
2588	Unicorn-58106.exe
116	Unicorn-12434.exe
640	Unicorn-7181.exe
4948	Unicorn-15527.exe
4556	Unicorn-44863.exe
3872	Unicorn-40800.exe
1184	Unicorn-64728.exe
1980	Unicorn-29102.exe
1220	Unicorn-26501.exe
624	Unicorn-32367.exe
2428	Unicorn-13254.exe
3468	Unicorn-40328.exe
5024	Unicorn-7463.exe
4480	Unicorn-53135.exe
4280	Unicorn-9310.exe
4588	Unicorn-3445.exe
1332	Unicorn-9575.exe
2716	Unicorn-14214.exe
2148	Unicorn-25149.exe
1472	Unicorn-34272.exe
1040	Unicorn-43814.exe
4956	Unicorn-49944.exe
3728	Unicorn-6726.exe
1608	Unicorn-1630.exe
2172	Unicorn-47567.exe
3848	Unicorn-12101.exe
1736	Unicorn-59456.exe
1168	Unicorn-59456.exe
712	Unicorn-63327.exe
4244	Unicorn-44198.exe
1152	Unicorn-17464.exe
644	Unicorn-14510.exe
4616	Unicorn-18040.exe
5040	Unicorn-58880.exe
3676	Unicorn-8917.exe
1460	Unicorn-58688.exe
2492	Unicorn-46991.exe
4436	Unicorn-1319.exe
2112	Unicorn-50520.exe
3760	Unicorn-40057.exe
1512	Unicorn-60031.exe
1484	Unicorn-59658.exe
220	Unicorn-13829.exe
4532	Unicorn-57352.exe
3640	Unicorn-40751.exe
4248	Unicorn-21150.exe
4000	Unicorn-20853.exe
1616	Unicorn-27368.exe
3532	Unicorn-53910.exe
3240	Unicorn-43704.exe
2240	Unicorn-11040.exe
4352	Unicorn-26216.exe
2636	Unicorn-26216.exe
2372	Unicorn-8048.exe
4524	Unicorn-51031.exe
2408	Unicorn-51296.exe
4976	Unicorn-51296.exe
1172	Unicorn-31238.exe
4144	Unicorn-31238.exe
4748	Unicorn-59272.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
17052	15928	WerFault.exe	795
15836	1988	WerFault.exe	775
19996	12524	Process not Found	1084
20256	15012	Process not Found	921
7232	17484	Process not Found	972

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6143.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5512	dwm.exe
Token: SeChangeNotifyPrivilege	5512	dwm.exe
Token: 33	5512	dwm.exe
Token: SeIncBasePriorityPrivilege	5512	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe
880	Unicorn-25128.exe
1688	Unicorn-33016.exe
1604	Unicorn-62159.exe
3560	Unicorn-46176.exe
116	Unicorn-12434.exe
2588	Unicorn-58106.exe
640	Unicorn-7181.exe
4948	Unicorn-15527.exe
4556	Unicorn-44863.exe
3872	Unicorn-40800.exe
1220	Unicorn-26501.exe
1980	Unicorn-29102.exe
624	Unicorn-32367.exe
1184	Unicorn-64728.exe
2428	Unicorn-13254.exe
3468	Unicorn-40328.exe
5024	Unicorn-7463.exe
4480	Unicorn-53135.exe
1332	Unicorn-9575.exe
4280	Unicorn-9310.exe
2716	Unicorn-14214.exe
4588	Unicorn-3445.exe
1472	Unicorn-34272.exe
2148	Unicorn-25149.exe
1040	Unicorn-43814.exe
4956	Unicorn-49944.exe
3728	Unicorn-6726.exe
1608	Unicorn-1630.exe
2172	Unicorn-47567.exe
3848	Unicorn-12101.exe
1736	Unicorn-59456.exe
1168	Unicorn-59456.exe
712	Unicorn-63327.exe
4244	Unicorn-44198.exe
1152	Unicorn-17464.exe
644	Unicorn-14510.exe
4616	Unicorn-18040.exe
5040	Unicorn-58880.exe
4436	Unicorn-1319.exe
3676	Unicorn-8917.exe
2492	Unicorn-46991.exe
2112	Unicorn-50520.exe
1460	Unicorn-58688.exe
1512	Unicorn-60031.exe
3760	Unicorn-40057.exe
220	Unicorn-13829.exe
1484	Unicorn-59658.exe
4532	Unicorn-57352.exe
3640	Unicorn-40751.exe
4248	Unicorn-21150.exe
4000	Unicorn-20853.exe
1616	Unicorn-27368.exe
3532	Unicorn-53910.exe
3240	Unicorn-43704.exe
2240	Unicorn-11040.exe
2636	Unicorn-26216.exe
4352	Unicorn-26216.exe
2372	Unicorn-8048.exe
2408	Unicorn-51296.exe
4144	Unicorn-31238.exe
1172	Unicorn-31238.exe
4748	Unicorn-59272.exe
4524	Unicorn-51031.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 880	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	91
PID 1908 wrote to memory of 880	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	91
PID 1908 wrote to memory of 880	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	91
PID 880 wrote to memory of 1688	880	Unicorn-25128.exe	94
PID 880 wrote to memory of 1688	880	Unicorn-25128.exe	94
PID 880 wrote to memory of 1688	880	Unicorn-25128.exe	94
PID 1908 wrote to memory of 1604	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	95
PID 1908 wrote to memory of 1604	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	95
PID 1908 wrote to memory of 1604	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	95
PID 1688 wrote to memory of 3560	1688	Unicorn-33016.exe	97
PID 1688 wrote to memory of 3560	1688	Unicorn-33016.exe	97
PID 1688 wrote to memory of 3560	1688	Unicorn-33016.exe	97
PID 880 wrote to memory of 2588	880	Unicorn-25128.exe	98
PID 880 wrote to memory of 2588	880	Unicorn-25128.exe	98
PID 880 wrote to memory of 2588	880	Unicorn-25128.exe	98
PID 1604 wrote to memory of 116	1604	Unicorn-62159.exe	99
PID 1604 wrote to memory of 116	1604	Unicorn-62159.exe	99
PID 1604 wrote to memory of 116	1604	Unicorn-62159.exe	99
PID 1908 wrote to memory of 640	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	100
PID 1908 wrote to memory of 640	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	100
PID 1908 wrote to memory of 640	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	100
PID 3560 wrote to memory of 4948	3560	Unicorn-46176.exe	103
PID 3560 wrote to memory of 4948	3560	Unicorn-46176.exe	103
PID 3560 wrote to memory of 4948	3560	Unicorn-46176.exe	103
PID 640 wrote to memory of 3872	640	Unicorn-7181.exe	104
PID 640 wrote to memory of 3872	640	Unicorn-7181.exe	104
PID 640 wrote to memory of 3872	640	Unicorn-7181.exe	104
PID 1688 wrote to memory of 4556	1688	Unicorn-33016.exe	105
PID 1688 wrote to memory of 4556	1688	Unicorn-33016.exe	105
PID 1688 wrote to memory of 4556	1688	Unicorn-33016.exe	105
PID 116 wrote to memory of 1184	116	Unicorn-12434.exe	106
PID 116 wrote to memory of 1184	116	Unicorn-12434.exe	106
PID 116 wrote to memory of 1184	116	Unicorn-12434.exe	106
PID 1604 wrote to memory of 1980	1604	Unicorn-62159.exe	107
PID 1604 wrote to memory of 1980	1604	Unicorn-62159.exe	107
PID 1604 wrote to memory of 1980	1604	Unicorn-62159.exe	107
PID 880 wrote to memory of 1220	880	Unicorn-25128.exe	108
PID 880 wrote to memory of 1220	880	Unicorn-25128.exe	108
PID 880 wrote to memory of 1220	880	Unicorn-25128.exe	108
PID 1908 wrote to memory of 624	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	109
PID 1908 wrote to memory of 624	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	109
PID 1908 wrote to memory of 624	1908	dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe	109
PID 2588 wrote to memory of 2428	2588	Unicorn-58106.exe	110
PID 2588 wrote to memory of 2428	2588	Unicorn-58106.exe	110
PID 2588 wrote to memory of 2428	2588	Unicorn-58106.exe	110
PID 4948 wrote to memory of 3468	4948	Unicorn-15527.exe	111
PID 4948 wrote to memory of 3468	4948	Unicorn-15527.exe	111
PID 4948 wrote to memory of 3468	4948	Unicorn-15527.exe	111
PID 1980 wrote to memory of 5024	1980	Unicorn-29102.exe	112
PID 1980 wrote to memory of 5024	1980	Unicorn-29102.exe	112
PID 1980 wrote to memory of 5024	1980	Unicorn-29102.exe	112
PID 3560 wrote to memory of 4480	3560	Unicorn-46176.exe	113
PID 3560 wrote to memory of 4480	3560	Unicorn-46176.exe	113
PID 3560 wrote to memory of 4480	3560	Unicorn-46176.exe	113
PID 880 wrote to memory of 4280	880	Unicorn-25128.exe	114
PID 880 wrote to memory of 4280	880	Unicorn-25128.exe	114
PID 880 wrote to memory of 4280	880	Unicorn-25128.exe	114
PID 1688 wrote to memory of 4588	1688	Unicorn-33016.exe	115
PID 1688 wrote to memory of 4588	1688	Unicorn-33016.exe	115
PID 1688 wrote to memory of 4588	1688	Unicorn-33016.exe	115
PID 624 wrote to memory of 1332	624	Unicorn-32367.exe	116
PID 624 wrote to memory of 1332	624	Unicorn-32367.exe	116
PID 624 wrote to memory of 1332	624	Unicorn-32367.exe	116
PID 4556 wrote to memory of 1472	4556	Unicorn-44863.exe	117

C:\Users\Admin\AppData\Local\Temp\dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe
"C:\Users\Admin\AppData\Local\Temp\dfba030f6e507f76bfc802d5d888645790892efe70d9286363fd39dd193cbb4e.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25128.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25128.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        10⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        11⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        11⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        10⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        10⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        10⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        9⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        9⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        9⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        9⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        9⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        9⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        8⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        8⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        10⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        10⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        9⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
        9⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        8⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        8⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        8⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        8⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        7⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        7⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        10⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
        10⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        10⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        9⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        9⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        9⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        9⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        8⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        8⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38182.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        8⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        8⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        7⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        7⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        6⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        9⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        9⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        10⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        8⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        9⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        8⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50463.exe
        8⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        8⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        8⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
        7⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        7⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9735.exe
        8⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        7⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        6⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        7⤵
        Executes dropped EXE
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
        9⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        10⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        10⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        9⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
        9⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        9⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        8⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        9⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        9⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        8⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        9⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
        9⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        9⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        8⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        8⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        7⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        7⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        7⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        6⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44198.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        8⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34838.exe
        9⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        8⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        7⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        7⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38078.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        6⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        5⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        7⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        6⤵
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        5⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        9⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        9⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        9⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62390.exe
        8⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        8⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        8⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        9⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
        9⤵
        
        PID:17784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        8⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
        7⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        7⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        8⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
        8⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        8⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        8⤵
        
        PID:17660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
        7⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        7⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10889.exe
        6⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
        6⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        6⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
        9⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1507.exe
        9⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        8⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57157.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        7⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        7⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        6⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        6⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        8⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        7⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        6⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        5⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        6⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
        6⤵
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
        5⤵
        
        PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63600.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        9⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        8⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
        8⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        8⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        8⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        8⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        7⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        7⤵
        
        PID:16740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17542.exe
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-816.exe
        7⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        6⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        7⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        7⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        6⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        6⤵
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        5⤵
        
        PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36404.exe
        7⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        6⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25390.exe
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        6⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        5⤵
        
        PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        7⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        7⤵
        
        PID:19112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        5⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        6⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43417.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        5⤵
        
        PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50992.exe
      4⤵
      PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        5⤵
        
        PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59597.exe
      4⤵
      PID:5044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        9⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        9⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
        8⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        7⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        8⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        8⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        7⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        7⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        6⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        8⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        7⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 452
        8⤵
        Program crash
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3717.exe
        7⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        6⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        7⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        6⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
        7⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        6⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        6⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
        6⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        5⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
        5⤵
        
        PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        7⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        7⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        6⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
        7⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        5⤵
        
        PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        6⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        6⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        6⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        5⤵
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25358.exe
      4⤵
      PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        5⤵
        
        PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
      4⤵
      PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42064.exe
      4⤵
      PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
      4⤵
      PID:12736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6726.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        8⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        7⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        7⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        7⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57998.exe
        7⤵
        
        PID:17644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52196.exe
        6⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        5⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        5⤵
        
        PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10367.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        7⤵
        
        PID:18052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
        6⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        7⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        6⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        5⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        6⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57149.exe
        6⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        6⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
      4⤵
      PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        5⤵
        
        PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
      4⤵
      PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
      4⤵
      PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        5⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        8⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        8⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        7⤵
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        7⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        7⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        7⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
        6⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        6⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        7⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        6⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
        7⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        7⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        5⤵
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        6⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        5⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        5⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        5⤵
        
        PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
      4⤵
      PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
      4⤵
      PID:15168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        5⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        5⤵
        
        PID:17740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
        5⤵
        
        PID:17708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
      4⤵
      PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
    3⤵
    PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
        5⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17641.exe
        6⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
      4⤵
      PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      4⤵
      PID:15736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36856.exe
    3⤵
    PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
      4⤵
      PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        5⤵
        
        PID:15512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        5⤵
        
        PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
      4⤵
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
      4⤵
      PID:16164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
    3⤵
    PID:9532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38265.exe
    3⤵
    PID:13000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
    3⤵
    PID:16652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
    3⤵
    PID:13692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        8⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        9⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57732.exe
        9⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        8⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        8⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        7⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        6⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57732.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
        6⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        7⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        7⤵
        
        PID:18016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21097.exe
        6⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:19364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        5⤵
        
        PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        7⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        6⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43927.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        6⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        7⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
        6⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32913.exe
        6⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5327.exe
        7⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55380.exe
        7⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45199.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        6⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36808.exe
        6⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        7⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        7⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        6⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        5⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        6⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        5⤵
        
        PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
      4⤵
      PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      4⤵
      PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6772.exe
      4⤵
      PID:7448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        7⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        8⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        9⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        8⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        7⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        7⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6074.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        7⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        6⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        5⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        7⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        6⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        6⤵
        
        PID:18528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        5⤵
        
        PID:10604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        5⤵
        
        PID:18316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2334.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        6⤵
        
        PID:18076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        6⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13894.exe
        5⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        5⤵
        
        PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        5⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        6⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53666.exe
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7572.exe
        5⤵
        
        PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
      4⤵
      PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
      4⤵
      PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45536.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        7⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
        7⤵
        
        PID:18800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        6⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
        6⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        5⤵
        
        PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        5⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        5⤵
        
        PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
      4⤵
      PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
      4⤵
      PID:11564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
      4⤵
      PID:1424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
        6⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        5⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        5⤵
        
        PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        5⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20147.exe
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        5⤵
        
        PID:14028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
      4⤵
      PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
      4⤵
      PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
      4⤵
      PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36022.exe
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        5⤵
        
        PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
      4⤵
      PID:15436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
      4⤵
      PID:18520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
    3⤵
    PID:8796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
    3⤵
    PID:10492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
    3⤵
    PID:2132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
        8⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        8⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45199.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        7⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
        7⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        6⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        6⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        8⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        6⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        7⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        7⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        6⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        5⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        6⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        6⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6190.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        5⤵
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        5⤵
        
        PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        7⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
        6⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        6⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        5⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        6⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe
        5⤵
        
        PID:12604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46600.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50678.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        5⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
        5⤵
        
        PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        5⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        5⤵
        
        PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
      4⤵
      PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1431.exe
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        7⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        6⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        6⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        5⤵
        
        PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
      4⤵
      PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        5⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        5⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        5⤵
        
        PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
      4⤵
      PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
      4⤵
      PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        6⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        7⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        7⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        6⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        5⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        5⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        5⤵
        
        PID:18212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
      4⤵
      PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
      4⤵
      PID:12524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
    3⤵
    PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        5⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        6⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        5⤵
        
        PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
      4⤵
      PID:12896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      4⤵
      PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
      4⤵
      PID:10040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
      4⤵
      PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
      4⤵
      PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
      4⤵
      PID:12448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
    3⤵
    PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
      4⤵
      PID:15928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15928 -s 72
        5⤵
        Program crash
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
      4⤵
      PID:7560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
    3⤵
    PID:12064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
    3⤵
    PID:924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        7⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        7⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        7⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        6⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
        6⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        7⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        7⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53366.exe
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        5⤵
        
        PID:17692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
      4⤵
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        6⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        7⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        6⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        5⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        5⤵
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe
      4⤵
      PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        5⤵
        
        PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
      4⤵
      PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25470.exe
      4⤵
      PID:7792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
      4⤵
      PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        7⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        7⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        6⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
        5⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        5⤵
        
        PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10869.exe
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
      4⤵
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16572.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
    3⤵
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        6⤵
        
        PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        5⤵
        
        PID:15560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
      4⤵
      PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
        5⤵
        
        PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
      4⤵
      PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
      4⤵
      PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
    3⤵
    PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
      4⤵
      PID:11796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
      4⤵
      PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
    3⤵
    PID:9656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
    3⤵
    PID:936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        6⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        6⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50295.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        5⤵
        
        PID:15904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        5⤵
        
        PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        5⤵
        
        PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
      4⤵
      PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
      4⤵
      PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
      4⤵
      PID:15788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49111.exe
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
      4⤵
      PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        5⤵
        
        PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
      4⤵
      PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
      4⤵
      PID:14176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
    3⤵
    PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
      4⤵
      PID:12940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
      4⤵
      PID:17724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
    3⤵
    PID:9048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
    3⤵
    PID:520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
    3⤵
    PID:11856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52832.exe
    3⤵
    PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        5⤵
        
        PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
      4⤵
      PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      4⤵
      PID:15616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
    3⤵
    PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
      4⤵
      PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
      4⤵
      PID:17196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
    3⤵
    PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
      4⤵
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
      4⤵
      PID:11536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
    3⤵
    PID:12360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
    3⤵
    PID:16788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
  2⤵
  PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
    3⤵
    PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
      4⤵
      PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        5⤵
        
        PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
      4⤵
      PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
      4⤵
      PID:16620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
    3⤵
    PID:9376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5320.exe
    3⤵
    PID:14248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40821.exe
    3⤵
    PID:3896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7157.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7157.exe
  2⤵
  PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
    3⤵
    PID:8744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
    3⤵
    PID:9616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
    3⤵
    PID:14484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
  2⤵
  PID:9792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
  2⤵
  PID:13240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
  2⤵
  PID:16344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 15928 -ip 15928
1⤵
PID:16940

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe

Filesize
468KB

MD5
45e7e825a0470c82efb6ed81bca77809

SHA1
640e8aaf7cc82917d7310f847776ccc5078ffe6a

SHA256
eca4f029181558c9e4405af124be730a761d198367ec0b15953a57241eb4ef1a

SHA512
713ec07947573ef3306e4cd576377d87c04a0c18f4c6be930f2adb68961312f956d6d1bae36cc7e085c89b049e5fa9f12ab72ebf147caefc70f3cd73e02e8ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe

Filesize
468KB

MD5
0c56cf189a7891edabf3da5b534d29a4

SHA1
d9222a436d831e31a84ca4ba965645f89e716f79

SHA256
3d6e28aad0aa059c58d1416dfc62d9185db4a6f4938728e0435cb2f21aee99a0

SHA512
19db94e7f84b85c573c06907f7af42eebf77a46934ccab85f5552ac0d902a099f0925a59087e1fc62a97048fa02493b59fef83ba2f53cd01d336a06b5e4b5ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe

Filesize
468KB

MD5
5f551227c1c775b5795843a7fd3a4f09

SHA1
f4e38c3db3d35d9e05faf9ae87c10b09005c7285

SHA256
1edebc17b1bb8ed39b8b5e5e2411a70fd86a49aa11b8055b1f703705273bf51c

SHA512
4c2ae4967804ccb09b64e489f544c3d0d9cc0654253047874fcd5897c3e188280e348722954ff37b2981ef38daf6a117b37ae67a635308cb249d7f1eb502b2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe

Filesize
468KB

MD5
8e25e6aa137bc3b669c941e3e8e740e1

SHA1
fb2a55cb6251c05091b2eec92e20137d7c1b8500

SHA256
7cf45fdfa9097bb06128f11e87b0dc243346f713aac496756ffbb9e61754822f

SHA512
3ee7986b87849ec31f223eab034d8d73873f4f9053a1159deb3566284a570f9423c537457579163956118dfc5b56af8fcd828a1c126f435ecb6b3d1b2136f105

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe

Filesize
468KB

MD5
30ea0aa7e98cd9bca3e66f54aed89bfa

SHA1
1fa2b91747b5b606eed942bda32da034228b1773

SHA256
c0c844e3c852306575ace48b98e64dcf339293e9d355865fb572d3ae16fe0957

SHA512
65f5b159b814d30151c03c5cc04dd3d6a2f79f96ff7d8d932bcb4849e881c8fa374615001daa4637ba88da5ce073ef45384230892e66b1dc5ce11350478f8ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe

Filesize
468KB

MD5
35e4fbf9f14e6f2f826a40cef4c8f404

SHA1
e0b0ba2100c3ca5cbb69fdb40146b3ca45ab92c1

SHA256
aa2af894103311706b3eb0e68097549f29aa048abf3a45d45045477382579e06

SHA512
22d0035ac26ccbf4f0068bdfa6c3066528c2dc2a799e50e51749d02fded85526ec4df58eb58471146183112d41a6ea420234c544e73b3e6c0595d4a5ba65f410

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe

Filesize
468KB

MD5
7b6bc3d252614cba22c7889606014152

SHA1
d400a63f0498d732c9de26ab33d6490f97de4d36

SHA256
86b0c83fa98fc079da6198a6ebb0020ea75bd0eff44a4e3f0f13d41e17c19c5b

SHA512
099fb4ec669a71512d196fce4a6771090e43d4fc4c60c0fa591846c054b1e0b2547a5bbb7151b1327f0d743de991c2647e3fc7d183c0c3dd389c1217bbacc7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe

Filesize
468KB

MD5
94a10003c7bc2bbc7b79abde46bf85ab

SHA1
138937490fe3b0e92f9cc0ab27eeb0a3d38b1109

SHA256
d03d6a4165e5d51bcd4abb7c46b171a85739ee9e07a2050bf204bc2f56aa4e9a

SHA512
6cbc892ae026bd2227a58ca9fd31188df24ca329219c40865822896ba212f1074f70e9973e3c5ecba9b45cb6aa9d2b42e495d09b8ea24f68873eb411f5060548

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25128.exe

Filesize
468KB

MD5
20a49e368cff78e308f3fa958d3024b9

SHA1
c26f52387b46c52b895eb06a9c4ef365d1bdd5d7

SHA256
eeaf96648acc39f720bee19d166976f5bcf3df68d0905d8b9967ce0ddd21b731

SHA512
66a7e901f1f9ef70e87827bc1d1aae77ad6f2b7843a5ba7421eac78ea891b53e7debaaed7ce29c3448a6c54f0951db3b5f459400e4a2873e8540a41b365cfed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe

Filesize
468KB

MD5
7d310d9c5072d8e29e3d71bb35698129

SHA1
bfbafdadbc972370fc811e895b0dee225167a552

SHA256
f5bb392090ba12fa3154e2fc4c738ab9320c2b2a3816db3c2ab851a16e8c7aa9

SHA512
4c9ec376a3811cd285b34bd00198c8d4a989a8a2ca9a7c47c3cf298a17f279ee7e2243641732f0db8f692bec76b48778f806e4d58dff6a59358aa397ebb4583d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe

Filesize
468KB

MD5
162087c1b0f7bc7f982afb4b1ac86e4d

SHA1
c01f67a084dc578e612a38902583c9c60a644734

SHA256
340ea8acea70287e3c29adb8b435baa0b89ca3c6c360635b93bc9c1d89677223

SHA512
e8fb7637db6d10a610bdf074f81c24d1349130e7b1dececd46632f4bb363c7289d6c1e9ab178078c3e70df49fe9a58d95d6b0a6ca14adf687eaf44bbaaac90b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe

Filesize
468KB

MD5
a9e6b269f889dd7e7ede42c247f81dcc

SHA1
e7e4affdeca32c19b2323b9a80e8023fd499b4cc

SHA256
e06af9d2d37d1b886c80791a4e4f39a93a8e16489fa7a192d20da5303fbb8e22

SHA512
6bd77c3197546708cbd0490420aef145ff645395121b5fbda06ed0a7b8974bbcabdaf010c023c6886d9aea1ac6c11a22db420077a341dcac7caf4e154573c0e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe

Filesize
468KB

MD5
f57e6a174a8c1b2a39316ef59d94944f

SHA1
a8fce4d87c4d1481d6222b24d5450ad8b45cf4df

SHA256
6a89d7a9cbfe4570ef4e757403bb6a17d0a18aa8d093d1ffcc8fe5354a0317ca

SHA512
0d6d0d83d53d09e0c6cf349a3433032c7933a0a7d75a9ca6283ff96368a1b848df1ca0875b04d1ae21ad646e5133a8f8c3ee6682667a32a800174e5006dafc39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe

Filesize
468KB

MD5
4c53ae4d7a1e88f8089131ae6afd774b

SHA1
d379261c20aafcfdd580649f37b9690a66708caa

SHA256
ec40b9c39f36aad18f4191b691eddfdbee53c2407fda7b1a9bba4e241c080601

SHA512
f084ac3259d7cf1d3c5d3816e656175233b730a9928c41bf201376c907394a75594c402b81dffc031c1a0419e916e5c863327d356da78667a8259a819d56f8f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe

Filesize
468KB

MD5
dc55f8d8b9c7e2c0ec1e6f0f38c4c130

SHA1
9f1e697e45e465495ea76ba8a1012a0744c23ec5

SHA256
5a53f8ac44069df4c3fab92be0c52fabb4cc0ed34aca2ff58206eacfd177d829

SHA512
69eee3d0641ab5beb2cd83ec0e9731f7c3011ecf4299d60973687688f6e32c5ff8830b5c702b2f7e1ce76083065fd6d7ce55e152d239284c335cc1bb15f38dfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe

Filesize
468KB

MD5
12039379d42bfc1c06924523829928d3

SHA1
273dc2164315afd805bb38a0f4d73ef3d126d97e

SHA256
fe3c9f39eddf77f975821f180c27ad3274fec62c599d470b951ce4b49ca99975

SHA512
dbe79ef86db956cf869e619e146b50ccf800f595df81961eac466defc4a3a0902e4d7e429a07ed09de28060d6a42031be3226f6b48b74e7818df48562abaa9d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3445.exe

Filesize
468KB

MD5
ccf20aee2e3bb417c84c99f351d0200b

SHA1
f1cb01455fcd866943020e3664223b8f2b55ac8e

SHA256
0115744f4314c180657b43ef5a06d63e9e419657f075200d8625a46e65f227d4

SHA512
0a6a4a5d890559fd78b1cea4624ab2fc7940c1d9ab9e9f550d4a2dd4d3679c86975e230ec55c8e0154942a392e45ed2670c4a9c0ca94434e45696f070df12e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe

Filesize
468KB

MD5
b3853047d2c6cb50dd2fd02df8edb685

SHA1
3d27fcdb668f13b090f8fb8700af617a9547eb9f

SHA256
ac7f4e77f0f2af764f774a7a526ab09578e69a2c7756ea1e6fda5a49c94f99df

SHA512
916598419db40f225a57e7000c4957cf911f60207e248a61344587533dbc3d0357ea5b79fad679f28182382aeed0eb9660d2afb29644ee4e1de464335fb02781

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe

Filesize
468KB

MD5
17bc1dc7d272fad4687b0be13cfa2da8

SHA1
795f5e3755f803aed1bbb0e320f82b53f801525e

SHA256
aac5206bdb38a75db5d31906d4b5ecbf0e07a485b3e9436f98766c9bb9d221dd

SHA512
bfd7971417b8ec37dda7319c5be46c0285ae9085a0e51068fbbdaaeadda7029e3e57f485b7a774e88244ee7d4803cc0560bb635246ca5b7aee6d6977d80ffcd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe

Filesize
468KB

MD5
2ed0fd9f72d7a5d49af8b3f0863a8861

SHA1
0ea434742861f2f73e7927e56e0b2c1dcfd725b9

SHA256
9672feab4e916eb19868d404c13765f3ddd858fa64b8e6c7073ae664f3a14fa2

SHA512
595ccfa705ac8afaa5508e3f55afa353edb328593c6641672a48f0f8b080eefba2f78ad6cb560e7863a9581bb28b8d8efdb229be1926abada84dae6e149b5d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe

Filesize
468KB

MD5
b9d28f9ff54c470956b94b89b4b489f0

SHA1
5e9354fb945ade282c6452d9973d4dec476c923c

SHA256
7bf3a97dcd5eaa4c004e03d38e6218171d88b89b29e54d4807c28380a536f0ab

SHA512
47bb6f91ce3ac89cb6c56ff35e089fb97f952e8d1d7debe9ae5b91cb51050c5b4d4d2114ffe8a99de20dd9b8bf83dcd27be0b426a316775ac373b18138d42e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe

Filesize
468KB

MD5
6f7882c0b042ef54d6940d4d76d64b42

SHA1
b1214e9e2e9f8adaf68ea4d29d2c6c5a116fd239

SHA256
ca902ea8ea588ed4eebf3fc167c79bbe644ed9683e228fea169458162c431583

SHA512
b3347f3f585a54e685e05e9dca93cf41d60b3f7faf1b5b674c2adc709d4005bae430014d7113c72cfeff0d33943a15676e96b258a56925cece12e8098c776e70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe

Filesize
468KB

MD5
c485edf74582ab9cd8a8f494cc15b53e

SHA1
b89a5dfb677943a1fbe61a97b6d550a10a40308d

SHA256
0db1a84b5c7245fb5934a865663de427d13649c068c0623c953096492dddec6f

SHA512
785eb918637eb2debcc37a8b91119ef6ab21224f28a8ec45bb99690a18cca0a41c95d241c9642d3e75e3897222325e48f1741b4873e150c7a38c88373b9d7b59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe

Filesize
468KB

MD5
b049fbcc466408d2bb23d0de70ba2c1b

SHA1
3cf3c91085628cae0eb70e63b0d42ee27afededa

SHA256
5b21e8e76499de6d283948daad829a41c261d0863b087faab2d0f06d077dde37

SHA512
dc78bea8db0831220fb659fd4c4507847f43e60f552a459b0aa95c8bb8833114d234b9fedec1bf920fd67b6cfec2e042387e6a2bcd97f21518045458c777be1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe

Filesize
468KB

MD5
cb75becf165910f185b2b74f495805e7

SHA1
87774eee14ab403ac98524117ecd3be722799a80

SHA256
6567757737e4ce0d82fc94b0cbeffcb90f651d006227815896d3d36cbf9182cc

SHA512
3322d28a3f564343a646dde52ce0eef7f084876a86bb1b049ce6718af820ba1959c3094c316a6d1e34427234aa21795091e74498000b7d0edbe638332a3d12a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe

Filesize
468KB

MD5
af5a825a63c78913409f27c551978175

SHA1
c108171109482385a6a4abd3cadc41892e18b13c

SHA256
c1900ddf92a4a9390f4a7f6a4da5b287858c9acfa0c2f6431ce3eae560144417

SHA512
0cb309ccbc6e15143ab67311198961ca5f9460dcb2bdde82e161fc45468bad6c983f711bca0e4bc7ca3806e1f5405c4dbf4393272217a21f546f006308c17004

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe

Filesize
468KB

MD5
04f6b5c27b49c9c933fe23b688af74cd

SHA1
3b33554bb1a5036fea50390397397e18e4cbb8d0

SHA256
136d5ec72be4b4d292a4b86586015d8efb8c46f8f4f7f6cc22812dea5ae8a1c7

SHA512
916d7a24b404646de359507b0d59c8d82e7502c1f012fdd54bf19724768d3154e4b7416915b7b31811767bbdf35a7482ccdb8980d9ef74cb3e23ebc4c1bf5e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe

Filesize
468KB

MD5
7f33834dce5d50fc46be07db4b941119

SHA1
1775a00a2077556e178cf3958021aba3af1370f9

SHA256
d64bc52df4b9248568304e6a059fb6d08a4e3fb941d9f2eea42d334514993487

SHA512
ef3d7e410d17b7705c81db42399389bebe4758bf89f66039e3f4274501c737c0746cc22d827fa37bf4a0c3c62afa6d3bab68d32ad1965185f5f5c6bd20164cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe

Filesize
468KB

MD5
bbb6a2659fc889bbde6c3edc980097ce

SHA1
f55bce71867af265d4423f839f95b295a517de58

SHA256
854f8d981e4df5f67b582eabd9aa4f311e1219c5504afc7bcf9b36b1eb46b234

SHA512
8e5988845f5ff9eeb6aaa93677b5e3455a035ce2592553150da03e851e558f14d96f32f6151df8cfcc88dc0660ad984e367447df81bcbdd700687db6c03ac715

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe

Filesize
468KB

MD5
fd1a4cd99eded297586335ba9666001d

SHA1
4ea7ccab42087d33a373c72f2f569e71c8084dcd

SHA256
c77bb602e19cbc1b00f0c564b306e7b0355d282ef72c7d998a67c32e11bc3c27

SHA512
ff1f49e292d96ac849136ada98c3e51889f6c53a415da9413cb3bfdeb4cea901f289823db51faebbc648a08d93d70b30e7991c976639af4bf37a9abf2f1a7da7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6726.exe

Filesize
468KB

MD5
53fe918b94756507a330c39aace40650

SHA1
105a3f312574aa907da4cd326deffe91678ff4b2

SHA256
fe97e4509cfbe54af109040a1a01c7577f9dbcdf744020f38f7665b4eda589d5

SHA512
9e064a81980d019a3908c531b458e3abd8f116eb1fb32785b0e24b5b2286d853891e1eebc5d96d76b7ecc089a37e8a1eadaaedbc45cf58a234a35c63df8bb966

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe

Filesize
468KB

MD5
fd4f6610cd8ce54a9f370dc603e829ac

SHA1
2462eac10ada5485f01a8e333e6b68008339bb5a

SHA256
4e4eb2999a77165b2a287083981a7f3ddf36db27a51000111daa9159e36ad4b4

SHA512
653c1e4ba5c2093b256945467f48ce7a02d5734e97309e9440f2dd933e60966d6f2b28d425fc8a127af08d73a1f4aa4f66a16b09b760234cece7bf7a31ce75ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe

Filesize
468KB

MD5
ed0037c5ad950218448c570939d80125

SHA1
46fa27a22eefd18fc266cdfa04b42dd12b852bb4

SHA256
a37f6ac508e8cd088fe1ebce8bc1e2332ec8f72f1edd8b9c1ce4348228ecb41f

SHA512
f9b0be3d4e386ced9ec1d888be5f2ea653c88d602a5eeb6d43ca9587ea95508bd62856cc842100fb96f56606bc0b6fa770b2270690476bbb1a2d457be1a6ec5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe

Filesize
468KB

MD5
16a30660132b017183bb7b3e791ee3b5

SHA1
3d4d9254760adb9731d98a4301e92b91ed0f9e8c

SHA256
9ad410eaa28976212233f6fa7c3c91aff75e80ebf69117b3e40a49376fff425b

SHA512
a21a996da27e62bf11c37323a87814a46e2dcf14b923e59043184a5b1c0122fe058c8c8073fa2285188b7352d48590bf7084de94caf6abebbcb2d6acdd8fee00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe

Filesize
468KB

MD5
5d08642dc3e4a475a97d876281173b77

SHA1
3bf25594f38312915b413513386f068315cafc84

SHA256
156e0791ab5155f655d87804785837ad192374f7752f4e0bc6a3a246d6b1667f

SHA512
e90362fe536d88470a6d077b57b1d324c90b260674d1120fdc3e679148563e363a53c2526280c563462b1b18847c9c7f96c88710ee5429bebf0ed9c508ef5c50

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads