7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d

Analysis

max time kernel
150s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe
Size

468KB
MD5

23f735c98a035ce52616b544f1734d5d
SHA1

0b65491b2385bded0fbe88448ececf86976910f5
SHA256

7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d
SHA512

a5f1bcaf1c90e19fcc775137f73c423c8a3db078ecc0912d69bb9b370cfe096d25450d1abcabcf285d56e4707e1e206b610022a95ab1ae6b183821dd280e6b65
SSDEEP

3072:KoA3ogYiIj5UtbYTFztjcf8Lq9KvUgpucmHmGVsK0Ue8DppsOAlU:KosorNUt4FJjcfDcDG0UXdpsO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3456	Unicorn-60790.exe
1876	Unicorn-24994.exe
2152	Unicorn-31770.exe
2868	Unicorn-63634.exe
5116	Unicorn-63634.exe
3264	Unicorn-13042.exe
116	Unicorn-26777.exe
2204	Unicorn-33868.exe
4900	Unicorn-33868.exe
1496	Unicorn-3141.exe
2516	Unicorn-3141.exe
4520	Unicorn-48350.exe
4720	Unicorn-54215.exe
3700	Unicorn-34614.exe
764	Unicorn-49502.exe
4684	Unicorn-37734.exe
1260	Unicorn-15175.exe
3384	Unicorn-23152.exe
4996	Unicorn-19068.exe
4236	Unicorn-34012.exe
440	Unicorn-51832.exe
2344	Unicorn-57962.exe
2624	Unicorn-46265.exe
2356	Unicorn-7370.exe
3592	Unicorn-18305.exe
3092	Unicorn-7370.exe
3636	Unicorn-328.exe
1896	Unicorn-3234.exe
4388	Unicorn-3499.exe
1384	Unicorn-354.exe
5024	Unicorn-41024.exe
1204	Unicorn-25242.exe
2988	Unicorn-12435.exe
1524	Unicorn-36124.exe
404	Unicorn-29348.exe
3304	Unicorn-37516.exe
3496	Unicorn-64158.exe
1888	Unicorn-14692.exe
2776	Unicorn-23318.exe
3896	Unicorn-46431.exe
3800	Unicorn-7536.exe
4980	Unicorn-23318.exe
816	Unicorn-23318.exe
1900	Unicorn-46431.exe
872	Unicorn-10965.exe
4296	Unicorn-4081.exe
3232	Unicorn-62212.exe
3104	Unicorn-4843.exe
752	Unicorn-18941.exe
1248	Unicorn-6881.exe
4364	Unicorn-4843.exe
2224	Unicorn-18941.exe
5012	Unicorn-53083.exe
4216	Unicorn-15341.exe
2280	Unicorn-46815.exe
3308	Unicorn-58512.exe
2584	Unicorn-18855.exe
224	Unicorn-50052.exe
1212	Unicorn-52190.exe
468	Unicorn-49960.exe
5016	Unicorn-1335.exe
1932	Unicorn-24448.exe
1688	Unicorn-34099.exe
1052	Unicorn-5419.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
1096	404	WerFault.exe	128
5604	624	WerFault.exe	163
10192	6140	WerFault.exe	214
18068	17712	WerFault.exe	883
7420	7856	WerFault.exe	316
10412	5944	Process not Found	995
11076	3948	Process not Found	973

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19380.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6460	dwm.exe
Token: SeChangeNotifyPrivilege	6460	dwm.exe
Token: 33	6460	dwm.exe
Token: SeIncBasePriorityPrivilege	6460	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe
3456	Unicorn-60790.exe
1876	Unicorn-24994.exe
2152	Unicorn-31770.exe
2868	Unicorn-63634.exe
3264	Unicorn-13042.exe
5116	Unicorn-63634.exe
116	Unicorn-26777.exe
2204	Unicorn-33868.exe
1496	Unicorn-3141.exe
4900	Unicorn-33868.exe
2516	Unicorn-3141.exe
3700	Unicorn-34614.exe
4720	Unicorn-54215.exe
4520	Unicorn-48350.exe
764	Unicorn-49502.exe
4684	Unicorn-37734.exe
4996	Unicorn-19068.exe
1260	Unicorn-15175.exe
3384	Unicorn-23152.exe
440	Unicorn-51832.exe
2344	Unicorn-57962.exe
3092	Unicorn-7370.exe
3592	Unicorn-18305.exe
2624	Unicorn-46265.exe
3636	Unicorn-328.exe
4236	Unicorn-34012.exe
2356	Unicorn-7370.exe
1896	Unicorn-3234.exe
4388	Unicorn-3499.exe
1384	Unicorn-354.exe
5024	Unicorn-41024.exe
1204	Unicorn-25242.exe
2988	Unicorn-12435.exe
1524	Unicorn-36124.exe
404	Unicorn-29348.exe
3304	Unicorn-37516.exe
3496	Unicorn-64158.exe
1888	Unicorn-14692.exe
2776	Unicorn-23318.exe
4980	Unicorn-23318.exe
3896	Unicorn-46431.exe
816	Unicorn-23318.exe
3800	Unicorn-7536.exe
872	Unicorn-10965.exe
1900	Unicorn-46431.exe
1248	Unicorn-6881.exe
4364	Unicorn-4843.exe
4296	Unicorn-4081.exe
3104	Unicorn-4843.exe
2224	Unicorn-18941.exe
752	Unicorn-18941.exe
5012	Unicorn-53083.exe
3232	Unicorn-62212.exe
4216	Unicorn-15341.exe
2280	Unicorn-46815.exe
2584	Unicorn-18855.exe
3308	Unicorn-58512.exe
224	Unicorn-50052.exe
1212	Unicorn-52190.exe
468	Unicorn-49960.exe
5016	Unicorn-1335.exe
1688	Unicorn-34099.exe
1052	Unicorn-5419.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 3456	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	91
PID 1028 wrote to memory of 3456	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	91
PID 1028 wrote to memory of 3456	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	91
PID 3456 wrote to memory of 1876	3456	Unicorn-60790.exe	93
PID 3456 wrote to memory of 1876	3456	Unicorn-60790.exe	93
PID 3456 wrote to memory of 1876	3456	Unicorn-60790.exe	93
PID 1028 wrote to memory of 2152	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	94
PID 1028 wrote to memory of 2152	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	94
PID 1028 wrote to memory of 2152	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	94
PID 1876 wrote to memory of 2868	1876	Unicorn-24994.exe	98
PID 1876 wrote to memory of 2868	1876	Unicorn-24994.exe	98
PID 1876 wrote to memory of 2868	1876	Unicorn-24994.exe	98
PID 2152 wrote to memory of 5116	2152	Unicorn-31770.exe	97
PID 2152 wrote to memory of 5116	2152	Unicorn-31770.exe	97
PID 2152 wrote to memory of 5116	2152	Unicorn-31770.exe	97
PID 3456 wrote to memory of 3264	3456	Unicorn-60790.exe	100
PID 3456 wrote to memory of 3264	3456	Unicorn-60790.exe	100
PID 3456 wrote to memory of 3264	3456	Unicorn-60790.exe	100
PID 1028 wrote to memory of 116	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	99
PID 1028 wrote to memory of 116	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	99
PID 1028 wrote to memory of 116	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	99
PID 3264 wrote to memory of 2204	3264	Unicorn-13042.exe	102
PID 3264 wrote to memory of 2204	3264	Unicorn-13042.exe	102
PID 3264 wrote to memory of 2204	3264	Unicorn-13042.exe	102
PID 2868 wrote to memory of 4900	2868	Unicorn-63634.exe	101
PID 2868 wrote to memory of 4900	2868	Unicorn-63634.exe	101
PID 2868 wrote to memory of 4900	2868	Unicorn-63634.exe	101
PID 116 wrote to memory of 1496	116	Unicorn-26777.exe	103
PID 116 wrote to memory of 1496	116	Unicorn-26777.exe	103
PID 116 wrote to memory of 1496	116	Unicorn-26777.exe	103
PID 5116 wrote to memory of 2516	5116	Unicorn-63634.exe	104
PID 5116 wrote to memory of 2516	5116	Unicorn-63634.exe	104
PID 5116 wrote to memory of 2516	5116	Unicorn-63634.exe	104
PID 1028 wrote to memory of 4720	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	106
PID 1028 wrote to memory of 4720	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	106
PID 1028 wrote to memory of 4720	1028	7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe	106
PID 3456 wrote to memory of 4520	3456	Unicorn-60790.exe	105
PID 3456 wrote to memory of 4520	3456	Unicorn-60790.exe	105
PID 3456 wrote to memory of 4520	3456	Unicorn-60790.exe	105
PID 2152 wrote to memory of 3700	2152	Unicorn-31770.exe	107
PID 2152 wrote to memory of 3700	2152	Unicorn-31770.exe	107
PID 2152 wrote to memory of 3700	2152	Unicorn-31770.exe	107
PID 1876 wrote to memory of 764	1876	Unicorn-24994.exe	108
PID 1876 wrote to memory of 764	1876	Unicorn-24994.exe	108
PID 1876 wrote to memory of 764	1876	Unicorn-24994.exe	108
PID 3700 wrote to memory of 4684	3700	Unicorn-34614.exe	109
PID 3700 wrote to memory of 4684	3700	Unicorn-34614.exe	109
PID 3700 wrote to memory of 4684	3700	Unicorn-34614.exe	109
PID 4720 wrote to memory of 1260	4720	Unicorn-54215.exe	110
PID 4720 wrote to memory of 1260	4720	Unicorn-54215.exe	110
PID 4720 wrote to memory of 1260	4720	Unicorn-54215.exe	110
PID 2516 wrote to memory of 3384	2516	Unicorn-3141.exe	111
PID 2516 wrote to memory of 3384	2516	Unicorn-3141.exe	111
PID 2516 wrote to memory of 3384	2516	Unicorn-3141.exe	111
PID 4520 wrote to memory of 4996	4520	Unicorn-48350.exe	114
PID 4520 wrote to memory of 4996	4520	Unicorn-48350.exe	114
PID 4520 wrote to memory of 4996	4520	Unicorn-48350.exe	114
PID 116 wrote to memory of 4236	116	Unicorn-26777.exe	115
PID 116 wrote to memory of 4236	116	Unicorn-26777.exe	115
PID 116 wrote to memory of 4236	116	Unicorn-26777.exe	115
PID 2152 wrote to memory of 440	2152	Unicorn-31770.exe	112
PID 2152 wrote to memory of 440	2152	Unicorn-31770.exe	112
PID 2152 wrote to memory of 440	2152	Unicorn-31770.exe	112
PID 1496 wrote to memory of 2344	1496	Unicorn-3141.exe	113

C:\Users\Admin\AppData\Local\Temp\7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe
"C:\Users\Admin\AppData\Local\Temp\7dc40c63d90f5a03bda7a6fc7426da8e16d44e309409973fca5860785307702d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        9⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        9⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        8⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
        8⤵
        
        PID:18464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
        7⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        7⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62498.exe
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        6⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        6⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        8⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        8⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        8⤵
        
        PID:17928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        8⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        7⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65437.exe
        7⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        8⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        8⤵
        
        PID:17080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        7⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55354.exe
        6⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10811.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        7⤵
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        6⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        7⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        7⤵
        
        PID:17668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        7⤵
        
        PID:18580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        6⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        5⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        6⤵
        
        PID:512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        5⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        5⤵
        
        PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
        8⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        7⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        7⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56867.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        8⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        7⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49083.exe
        6⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        9⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        9⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        9⤵
        
        PID:17528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        8⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        8⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        8⤵
        
        PID:18752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        7⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        7⤵
        
        PID:18744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        6⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32335.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        6⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        7⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
        7⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
        6⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        6⤵
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        5⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        5⤵
        
        PID:18888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        7⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        7⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
        7⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3643.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        7⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        6⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11589.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
        6⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        5⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29580.exe
        5⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
        5⤵
        
        PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18855.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        6⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        7⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57183.exe
        7⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        6⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        5⤵
        
        PID:17628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        6⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45845.exe
        5⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        5⤵
        
        PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34196.exe
      4⤵
      PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
      4⤵
      PID:18640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49960.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        9⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        9⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29580.exe
        9⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        8⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        7⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        7⤵
        
        PID:18932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        8⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        8⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        8⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        7⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        6⤵
        
        PID:18596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        7⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        8⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        8⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        8⤵
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16422.exe
        7⤵
        
        PID:18568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
        6⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        6⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        7⤵
        
        PID:18676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        6⤵
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61062.exe
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        5⤵
        
        PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        7⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        7⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        6⤵
        
        PID:18792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        7⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20942.exe
        6⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        5⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12809.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        7⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        7⤵
        
        PID:17876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        7⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        7⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        7⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        7⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        6⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        6⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3643.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        5⤵
        
        PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        6⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        6⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        5⤵
        
        PID:17712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17712 -s 80
        6⤵
        Program crash
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
        5⤵
        
        PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
      4⤵
      PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        5⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        5⤵
        
        PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
      4⤵
      PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        6⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        9⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        9⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        9⤵
        
        PID:17988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        8⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        8⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27880.exe
        8⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        8⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        8⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        7⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        7⤵
        
        PID:17712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        8⤵
        
        PID:18624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46354.exe
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        7⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        7⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        6⤵
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        5⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        6⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
        8⤵
        
        PID:16672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        7⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        7⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
        6⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        6⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36823.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        5⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
        6⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        6⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38356.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        6⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1045.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        6⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        6⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        5⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
        5⤵
        
        PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9979.exe
      4⤵
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        5⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        7⤵
        
        PID:17584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        6⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
        5⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60514.exe
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        5⤵
        
        PID:15664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        5⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        5⤵
        
        PID:18688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
      4⤵
      PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        5⤵
        
        PID:15328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62367.exe
      4⤵
      PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
      4⤵
      PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
      4⤵
      PID:18576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10401.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        7⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        6⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
        7⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        6⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47485.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        6⤵
        
        PID:16220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        5⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
        5⤵
        
        PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63188.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        5⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
      4⤵
      PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
      4⤵
      PID:17616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        6⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        5⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        5⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62295.exe
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28871.exe
        5⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38265.exe
        5⤵
        
        PID:17568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
      4⤵
      PID:16088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
      4⤵
      PID:18124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
    3⤵
    PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        5⤵
        
        PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        5⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
        5⤵
        
        PID:17796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
      4⤵
      PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
      4⤵
      PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
      4⤵
      PID:5960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
    3⤵
    PID:7380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
      4⤵
      PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        5⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        5⤵
        
        PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
      4⤵
      PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
      4⤵
      PID:572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
    3⤵
    PID:10188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
    3⤵
    PID:13520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56778.exe
    3⤵
    PID:17468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23152.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        9⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        9⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        9⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
        9⤵
        
        PID:16896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        8⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        8⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        8⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        8⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        8⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        7⤵
        
        PID:16872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        6⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        8⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        7⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        7⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        7⤵
        
        PID:18604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58580.exe
        7⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        6⤵
        
        PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        6⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        8⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        8⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        7⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56535.exe
        7⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        7⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
        7⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
        6⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
        6⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6506.exe
        6⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        5⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        7⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        7⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        7⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        6⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36292.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        6⤵
        
        PID:17908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
        6⤵
        
        PID:16864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        5⤵
        
        PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        8⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        7⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        7⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57225.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
        7⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        7⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        6⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
        6⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        6⤵
        
        PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1237.exe
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
        5⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        5⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        5⤵
        
        PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        7⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        7⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        6⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        7⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
        7⤵
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
        6⤵
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        6⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
        5⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        5⤵
        
        PID:18588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
      4⤵
      PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21975.exe
      4⤵
      PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
      4⤵
      PID:18916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1335.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        9⤵
        
        PID:18088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        8⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
        8⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        7⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        7⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        7⤵
        
        PID:17644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
        8⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9270.exe
        8⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        8⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        7⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        7⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        6⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32739.exe
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        5⤵
        Executes dropped EXE
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        7⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        7⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        7⤵
        
        PID:18724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
        6⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        6⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        7⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10147.exe
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        6⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        7⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        7⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        6⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27187.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        5⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        5⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        5⤵
        
        PID:19176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        6⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        6⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        5⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40670.exe
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        5⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
        5⤵
        
        PID:17912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        5⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        6⤵
        
        PID:17892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        5⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        5⤵
        
        PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
      4⤵
      PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
      4⤵
      PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51088.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
        5⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        7⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        6⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31092.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        6⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
        6⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6192.exe
        5⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        5⤵
        
        PID:17776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
      4⤵
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25695.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50484.exe
        6⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        5⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        5⤵
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        5⤵
        
        PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        5⤵
        
        PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
      4⤵
      PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
      4⤵
      PID:17564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
      4⤵
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25726.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
        6⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        6⤵
        
        PID:18820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        5⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        5⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        5⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        6⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        5⤵
        
        PID:17780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
      4⤵
      PID:13120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
      4⤵
      PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
      4⤵
      PID:7316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
    3⤵
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        5⤵
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
      4⤵
      PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        5⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
      4⤵
      PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
      4⤵
      PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
      4⤵
      PID:16680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8480.exe
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
      4⤵
      PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
    3⤵
    PID:9044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
    3⤵
    PID:12376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21534.exe
    3⤵
    PID:15640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
    3⤵
    PID:7480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
        5⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        7⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        7⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        7⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        6⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46778.exe
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        6⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        5⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        6⤵
        
        PID:18648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        5⤵
        
        PID:17656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        6⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        7⤵
        
        PID:17880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        5⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        5⤵
        
        PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        6⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
        6⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        5⤵
        
        PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
      4⤵
      PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
      4⤵
      PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
      4⤵
      PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
      4⤵
      PID:18856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        5⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        6⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        7⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        7⤵
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        6⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        6⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        6⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
        5⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        5⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
      4⤵
      PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        5⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        5⤵
        
        PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
      4⤵
      PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
      4⤵
      PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        6⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        7⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        7⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        6⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
        6⤵
        
        PID:13676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        6⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        5⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        5⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        5⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        5⤵
        
        PID:19004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54729.exe
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
      4⤵
      PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
      4⤵
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
    3⤵
    PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53650.exe
        5⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        6⤵
        
        PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19088.exe
        5⤵
        
        PID:13592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        5⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
      4⤵
      PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      4⤵
      PID:15200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
      4⤵
      PID:7596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
    3⤵
    PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
      4⤵
      PID:15260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 640
      4⤵
      Program crash
      PID:7420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
    3⤵
    PID:10832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
    3⤵
    PID:14604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
    3⤵
    PID:6464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        5⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58580.exe
        8⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 636
        7⤵
        Program crash
        
        PID:10192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 628
        6⤵
        Program crash
        
        PID:5604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 744
        5⤵
        Program crash
        
        PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
      4⤵
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        6⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        5⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        5⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        6⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        5⤵
        
        PID:18448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
      4⤵
      PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
      4⤵
      PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
      4⤵
      PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
      4⤵
      PID:17940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        5⤵
        
        PID:18924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
      4⤵
      PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
      4⤵
      PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
      4⤵
      PID:17276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
    3⤵
    PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
      4⤵
      PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46738.exe
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        5⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63623.exe
        5⤵
        
        PID:16836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
      4⤵
      PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      4⤵
      PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
      4⤵
      PID:7252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
    3⤵
    PID:7972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
    3⤵
    PID:11248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
    3⤵
    PID:14592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
    3⤵
    PID:6512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        7⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        7⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        6⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        5⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55020.exe
        5⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        6⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
        5⤵
        
        PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
      4⤵
      PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
      4⤵
      PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13561.exe
      4⤵
      PID:16780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        5⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
        5⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
      4⤵
      PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      4⤵
      PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
      4⤵
      PID:17560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
    3⤵
    PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
      4⤵
      PID:17832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
      4⤵
      PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
    3⤵
    PID:10868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
    3⤵
    PID:14716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
    3⤵
    PID:2160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        5⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62782.exe
      4⤵
      PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
      4⤵
      PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
    3⤵
    PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
      4⤵
      PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
      4⤵
      PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
      4⤵
      PID:6940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
    3⤵
    PID:10420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
    3⤵
    PID:14504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
    3⤵
    PID:18092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
  2⤵
  PID:5544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
  2⤵
  PID:6620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
    3⤵
    PID:8752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
    3⤵
    PID:13156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
    3⤵
    PID:17100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
  2⤵
  PID:8540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
  2⤵
  PID:12224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
  2⤵
  PID:17396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
  2⤵
  PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 404 -ip 404
1⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 624 -ip 624
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6140 -ip 6140
1⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 7856 -ip 7856
1⤵
PID:7076

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe

Filesize
468KB

MD5
a7e922aed40fdfa07ca955bc534cdce1

SHA1
6adb0116a8b1ee28e33fd19cc5e8c69a670ee500

SHA256
1acda7f160f0b371b9436024d63263ce83279d09c836f264f90cf0ed46522ffb

SHA512
f57f77f985580d16222741842e2fadef569057b687b1d8219b3d4c32cc15b1dda5214ee1864e59102423578d3ea803673312f99c20af362ab09a47024456551f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe

Filesize
468KB

MD5
c4ea4f8be17757ba262e3732da21f36c

SHA1
4d65f10b3cb0625d4fbe0231b874cba4d3adc4ee

SHA256
6c0cabd5ad7fb9226d91264425dd1ee2a5b0eed1767163c9075fb515483f71a1

SHA512
9b3bae78f19fc5e5a33fd83f0dfbd73e6d1143722b51058436c9d73eb7ed202fa107791004a434a1746d78381214665b6e4114e8675c19cf62893bf7c287c8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe

Filesize
468KB

MD5
d710ee279f0984d6de9222fbbf17a661

SHA1
58d22d347bac39c9a3d242197df9fda6ca26432a

SHA256
37a6845f84f438de6752f5d4003c6527fcbe7c91dac00a613bbb5510adb46619

SHA512
6b0621a4015fd036e2fc9975a7574a5c39b9f68063e0b6694ae2c550040957657071d7b18f373b2aec84167920b8dc548823ac1e34a7fe74a3ccd09f0902cb9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe

Filesize
468KB

MD5
c649c7119c25656f1ce80834af639ad7

SHA1
357683dd77f6b98a5575e345729d5eb9a9c9c139

SHA256
02b0e3811df6311a3733079aa9c2f3a2217b8d93f1ada216dde850cb9a5cd873

SHA512
e9ab42dbdb608213214f47365200985c01521b0a04239420d9b695219db743cd03146c4ccbd6f28f88fc2d43c041fa04dba7514e4c436baa0fc39a608a7e9520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe

Filesize
468KB

MD5
d8bf163b9367f96dea6ee7d239813054

SHA1
16b60f0faa1297e0d12df6ef0ed7d6e881572a5b

SHA256
c653b344cfce54a0885e9f7a9460cf489304319401d90a2cbba52e7c0cfcbfc0

SHA512
305f5397dc210e3e1d7112ae71137a514f2386754292f6fdf0a3a2e66d621d5eca2cf2cb0e99cfa36c91babff89c1799328cf34e5eec396d7da3830b3c51be8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23152.exe

Filesize
468KB

MD5
0c441e2f194610e79bc1253b4e10a5d1

SHA1
f504fdfedb2e00a437122e5285a388a8751b5371

SHA256
fe32a3992c63797bd10224b7d05fbf2a8c8833d8f165512509bb034667ea61bf

SHA512
62fb7a91960547748100e8ce27566eea63d5d0d098f339a6cc1dbc83b1ee9e196b054d9535aef10cebdbae458201c6b2fafc6b5eab3cecca01594ce64242aa63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe

Filesize
468KB

MD5
fd688a0b8f0021ef2dae7cdc539e2fda

SHA1
a4a6d05e66f0db95a559f30c3e6e17b142cef64b

SHA256
26be82039d73f8d40624356236e6461c63b1656fc6e7946458b1f5d30f556d4c

SHA512
73547ad2332f7fe9db55ef80b630d57204edf0104263d39f31c2244a6c6f4838984ba2cf0c8ee61fc3522d140909e4f17f60f6cf6acc9bc6da37eea883e0adc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe

Filesize
468KB

MD5
f7a5fe2e0d254398315bb9f231d4192e

SHA1
8c9a8d6f2fbbf1bcdf5fdea378d3c125f24a8679

SHA256
b59887ebccc347ddb0a9eb0fa141bbbca5291966788a452e35abd1012ea07a07

SHA512
a6437c0e5e758f0beeec4eeeaba9258f936ba92e1531838deff61fca087bad7ef4ecff919041fd2b5f7edab7d253372317fc083540d4be6d489b6242a50f2820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe

Filesize
468KB

MD5
deae93dc5b7673d1424d10f6fab3a026

SHA1
1e5fb583bcf1713f503a678532b195e1e44d622f

SHA256
34108479afa05ffb2f06be48cb02bf089d1417fd141816be2380f02dc01faac7

SHA512
d1d1935ae36bd397e1802ea7ceb8ccc42ba524f13056170a48a90e8508d8528ca1a7de40189cfcb9ac2b7bfba01c3d473d8e8282e5a19b6ff834d048fa6e012f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe

Filesize
468KB

MD5
cdfb101fd65665660502f41668c8f3e2

SHA1
1d9e9d19a74a0617f0e1bbd5b5897349d491e9de

SHA256
aa84752c18ae6bd9c5579892fda7866f71e752e959c30c186a009c954b538bc1

SHA512
301d2dc8e8106a3da892a7bd09efc63bd664167bdbd4cf1aa50837e55097b4a3d7a571e286bcccb17596f5eebac0889a241af54e5c715e2ff1da30387f831a55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe

Filesize
468KB

MD5
ebf0cce64e9be72af7ea61895b4be26f

SHA1
a582eaf94c6b02fb49da6d619bfcc169ade177ef

SHA256
d4cabd143cb6be0c40eec1c36403f02eb2eac449f32c12ba155fdc11ffd254a9

SHA512
dfe49aa9eba6d7f88ff515055058fd58951d2eacb83afe383ef0458217bdeae6d6f5d35b925f1087d927cc2ce59d66f6bf5a8e22d1290c4f5b3f562fc8d415dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe

Filesize
468KB

MD5
471e65271f8cbf20b07d6b445bcb0281

SHA1
aff6750da675fb77d59b348f294f253ae8e1fa4d

SHA256
4a0bb52f1a656524db606fe1dbbd64caff87862749151d76254f4fde3da7252b

SHA512
987f4164b541f124a87963ec3e0e58b5dfca6d046e3625772037c3dd914a6143c3c8098c1fbfd8cb221dfb91fbfcae49dd24d252c2d6cdf5e2936b49c9ebdda3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe

Filesize
468KB

MD5
814729f89ddccdb81397361cecc43c99

SHA1
05952ac99ae297d96cfd10139752865faf4ede5b

SHA256
57fe725b856b162c13d727f7c978d1af9a323cec410c1e6d070ad782549f4ce8

SHA512
c0e4831366f56f51c4788fd752a64806517beb1282addd6cadcc49bf40b3e64f9dbd132d03ed40f8dd89dc6287afef6fd1a28e03ce08b46a3d0fa60139cf8087

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe

Filesize
468KB

MD5
3d6d169ae923e3c8bbf3dadbaf677762

SHA1
20753488d50b75dcabe484e5e53e62e0cbf001a8

SHA256
27b4bef14bef8396a622395175df8faf1217796c4ef15f659fd3cbe533ed8047

SHA512
7d8d585957a20727f0ac9464eed953676160ba6cb9091cf9b3b6ac1b26fdec12feb2a3f397e370ecbfaaab0bcc6c179e431b406644799dc9b69ca63301beada2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe

Filesize
468KB

MD5
1d93f543c3421542bb673716b7ca09bb

SHA1
54eca78473457d88bd81e4909dd45072b5e447ed

SHA256
69fcb6d8f60c686b4f72cc30a43074736348843a62a8e6c149f117bd750ea92e

SHA512
83927483abffda67aa8d4122307f9d18cb37bfa44c36bd02866c35d6efe773a008e12b81a28fabdfb17b7687d291e6107a0a3dc7862238e53ac828bc3c0fbf9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe

Filesize
468KB

MD5
077f765227333ba05bbfb8df1f7323e3

SHA1
a7caeeaa4e48901d0a33da879a49f6920d12c6b6

SHA256
7c25ec913294103887dbdf0470011ab2b10b627c177081e706195b2c58bccdaf

SHA512
91a6dbaaf67fa6cfb982c16dc424061d2234e23c7d497cda3e457a86113a8e2e52a51a452bf6b3789f51cea450491ec98283d3774e4ff7c344e627ca8d3ff4fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe

Filesize
468KB

MD5
e7d892e7e51b947d49c9fec2f5f0f890

SHA1
938361ae45b667fd9e197ca60704f53288b9a916

SHA256
bc5f4b95cece13a51cf2cd86550f4e36c55efd4e63eb2071779acbd37f208919

SHA512
28daa447a7d3843c8c6831a64949f7378eeed1ca725fddffcee5c5444bfbda0cb0231396c611b83445369459aaf40aad310fcd629cd40afd9feb6643ae893e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe

Filesize
468KB

MD5
f008a50ddc7281409aae220647d77608

SHA1
327b62d2917525e56a6c4c42abad1863e54aa78b

SHA256
e348479845715676984642f4e9fff2d3b1225d1c3efdf10ece8cd62d77f0422f

SHA512
8c28f6f8ed85caa198a25062fb10aecd647170d85d190199aaafaaef5f2eaa502f3aff7018ecace181dafdb5cd07308ed2b288c86aa403c9daf84ee626e3ee9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe

Filesize
468KB

MD5
7ff1b75f9f991feb27cad769aac4563e

SHA1
ff9ca9ef041e3afdc2129717c5b987d2ecef595d

SHA256
cc11e3883d016efec68a646d065df2b4770fd0326157d78e5eee559f5916c380

SHA512
8573d4856fd2d6c7924f6bb55ed09e4ecd3065258a17d6f97f462671a2cfcc927b050dc497e8e242d4a9e02439d86c675c8ec58c4266e07ec7e6283be236a61e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe

Filesize
468KB

MD5
d0af998c7cfcb9ed194cf7131cec480f

SHA1
c7c25eb523359b87f2e22801ef2406b493038a51

SHA256
bea6e10d79f118b79358af53d316355b6129795b8cdb9eb9193bafbeb94f3029

SHA512
69ba57abbddb8d36cd87bb9621f216b40c3b3d9e10fee5e015afd176454c35fc748d9a3c191357cf1431153570de5cae3bf5a1438c44fd0df188aaa98d3a3840

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe

Filesize
468KB

MD5
00b98f3dacd6d51db6217eb888e1b5ac

SHA1
11cc3a942b022f342408e993a36ec358cd3d9e89

SHA256
46b26109a61c8d3acbef720fd2f0457f7f8d90e21341456b369e6c329c236916

SHA512
0d22a1b5bd17308fb18f720377541489705ddd83e21f00be32b44f7a92a1ef01dbe22a3b8e8854e312e93961ff893b3d0f080a3402e73ef5e8d5b5cd447d4362

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe

Filesize
468KB

MD5
73ed647138654238a32958dcd6ac44d0

SHA1
a5f119f18d6ae694581f10892333441dc99e8a84

SHA256
2a850f59a0912e95464120c870e836b79453b7b88c5ddbcf05153a1a8b59c1d7

SHA512
ff183b3d40958bcff63788d4557fecc23816aeec28a8c444a184ceba9c8cec3202fa20f7d31f5401605924fd6d265f6df78da4196980a93a17ef62cb09d34f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49502.exe

Filesize
468KB

MD5
0d4bf83134ba708b8c8394e170baf429

SHA1
267e30eb1c8566f92c645071ab996375466b88c2

SHA256
d6f95ed6955020fb1f445ed750ea1b2dade0c899649b22584ed7e773bf7da9d6

SHA512
f265bbddb0a2a5e9de7ebd26578eec67e00608c8393cfbdbc69d19da2c2558835520c7d387b26c38a7283488cbd1615d76ca1dcb5edfc18a573777906b2bba6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe

Filesize
468KB

MD5
0e21c6a4b6b35edcbcbe734e50f75b9d

SHA1
a5451e495a501513d28bfe52c3672f9602845364

SHA256
6c83dde3e35a3a9dc6730b6efa7f7deb26568a5ec589ae6d6b239726fc40e3b7

SHA512
e484a616ed7fb82991a9809d3b5cee64b872011bb02267bbc0021e1b86da89d37da2d5c42a644b6453af18d11defe1cc8d7971909cfde2000c7009b6bbd8703e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe

Filesize
468KB

MD5
06252a7f1aa4a66ad48d22e10417ae87

SHA1
53ab102d4adffe1cbd4beebda1f804f3f348342d

SHA256
554541cfb6410a40eee57a23eee0c731008f9c54a4a57dc9c7b5baccb73a3fce

SHA512
be90ddbd8ce1fac9993345481286924623ddfee16c15c4030f52215af84192c4437abdb6110de87f443b877b95d07c914bb53b7a3ca464d21af9f775abd85b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe

Filesize
468KB

MD5
6fbc739ba41f48f62e0931caacae5bfa

SHA1
662bd7460838a7b21f5505a1858c720b47e8fd5d

SHA256
ba1d3dde6660fc580bbc6518f3fc57bd24079d7ae21f2f4ffed5e6d1162b75c8

SHA512
b125037c61760a7138907cf198076686fe77ef299ec74be44897f73a83dd78d7406ff02204b9533685b2d74f73b467465f125cceaea4529374a63351f06d4003

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe

Filesize
468KB

MD5
b9ac67025ef5b56b760efefc567e14c3

SHA1
490675be1ec47e05c1cc7a6f87a5064796ccb947

SHA256
a5f964e4a3c368eac3b4434b70bf3836e1c1ec47ff8fdd7a62172deebbdac18b

SHA512
1afe525fc081fbd27426b0a2c013eb1298c349defe4bd88041582aa6863d2747756b9f4b1f881c847dfde7b05fd0cf0828b7a091e472860d4b361d0c5933130c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe

Filesize
468KB

MD5
23d1e4f17cf050aaebc3e1996f028a8c

SHA1
6c50d63cec0659896bf3a64970dea6a4f0542bb2

SHA256
9dd235efe03b94a57cfdd9791ab5132843c4d8440acd14e4412912748379172a

SHA512
40f69ee861d3e2555b4ae5842d5994eab7f6ea5f17450c0b6745b2a73daa48b88058218f3edf591c4895c0949f7a516fee5f0edd6589060e504590752e5ecad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe

Filesize
468KB

MD5
44344cdc76a89d8415965081e6646b77

SHA1
bf969c756a8c7d9003ca70475e713fa381e03e27

SHA256
0815b6381e3ef56d9f5415a9ccf3d206b27aafe737808a5b63379ad7f41a4fa6

SHA512
3ee20210387454b952a9a91bb83d83701ff58f821eb1b57271d7d5aaddc17384b694c053d4455d2ddb48643f3d4a12e39652f9c42c28b5be73c764aac9f62f27

Download Submit
memory/18640-3686-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads