412ce3e7480d94b5a955edd2a5047f755001b7ee256f6b2b92309376fcd2f46a

Analysis

max time kernel
110s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d7fba95d062b4195e117d7cba05cf10N.exe
Size

468KB
MD5

8d7fba95d062b4195e117d7cba05cf10
SHA1

3a09f8c8d0a183776e95eabf70f262d1d0dc4d29
SHA256

412ce3e7480d94b5a955edd2a5047f755001b7ee256f6b2b92309376fcd2f46a
SHA512

80a9e6be550a42e662ecce0003f8e797eedd72846345e8dfb269bed4b097233b876eb5c044695dfdfae173efbce87e4e73ac27b145e2ddbeb337178db8ed82ae
SSDEEP

3072:VPVjovOWI35vtbYZJg+5OfDVrPCiIqIpXlmHeVSItvlxvsIU9SkVB:VPBoIJvtmJT5Ofj0XXvlRdU9S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1172	Unicorn-64717.exe
2976	Unicorn-37089.exe
4892	Unicorn-47950.exe
5020	Unicorn-24583.exe
2268	Unicorn-22536.exe
1332	Unicorn-16415.exe
3344	Unicorn-25137.exe
4740	Unicorn-41879.exe
1528	Unicorn-45963.exe
644	Unicorn-13845.exe
1548	Unicorn-33711.exe
1400	Unicorn-33711.exe
2708	Unicorn-6803.exe
1988	Unicorn-21358.exe
2024	Unicorn-38349.exe
2580	Unicorn-41469.exe
4776	Unicorn-46108.exe
724	Unicorn-33109.exe
3052	Unicorn-63835.exe
2348	Unicorn-33109.exe
4264	Unicorn-25495.exe
4412	Unicorn-7789.exe
5068	Unicorn-56335.exe
4036	Unicorn-21524.exe
1696	Unicorn-18724.exe
4804	Unicorn-62465.exe
3976	Unicorn-62465.exe
4948	Unicorn-62465.exe
1020	Unicorn-62465.exe
2408	Unicorn-11873.exe
2924	Unicorn-31474.exe
3456	Unicorn-9756.exe
4476	Unicorn-14395.exe
4664	Unicorn-52735.exe
1340	Unicorn-5572.exe
4648	Unicorn-46897.exe
2300	Unicorn-46897.exe
1624	Unicorn-42813.exe
2204	Unicorn-45527.exe
888	Unicorn-25661.exe
1216	Unicorn-29745.exe
2840	Unicorn-35313.exe
2536	Unicorn-41997.exe
4040	Unicorn-12662.exe
3960	Unicorn-16747.exe
3812	Unicorn-43389.exe
4080	Unicorn-20565.exe
4984	Unicorn-20831.exe
4928	Unicorn-18693.exe
4944	Unicorn-49419.exe
4316	Unicorn-49419.exe
2360	Unicorn-32320.exe
4516	Unicorn-41805.exe
1804	Unicorn-65490.exe
2272	Unicorn-59625.exe
3108	Unicorn-40289.exe
4292	Unicorn-45890.exe
844	Unicorn-45890.exe
3988	Unicorn-45890.exe
3688	Unicorn-47373.exe
2892	Unicorn-25839.exe
408	Unicorn-64733.exe
4320	Unicorn-57120.exe
1656	Unicorn-11448.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
6808	2916	WerFault.exe	166
6768	4528	WerFault.exe	165
10336	6724	WerFault.exe	278
10832	696	WerFault.exe	267

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46367.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16700	dwm.exe
Token: SeChangeNotifyPrivilege	16700	dwm.exe
Token: 33	16700	dwm.exe
Token: SeIncBasePriorityPrivilege	16700	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
412	8d7fba95d062b4195e117d7cba05cf10N.exe
1172	Unicorn-64717.exe
4892	Unicorn-47950.exe
2976	Unicorn-37089.exe
2268	Unicorn-22536.exe
5020	Unicorn-24583.exe
1332	Unicorn-16415.exe
3344	Unicorn-25137.exe
1528	Unicorn-45963.exe
644	Unicorn-13845.exe
2708	Unicorn-6803.exe
1400	Unicorn-33711.exe
1548	Unicorn-33711.exe
1988	Unicorn-21358.exe
4740	Unicorn-41879.exe
2024	Unicorn-38349.exe
2580	Unicorn-41469.exe
4776	Unicorn-46108.exe
724	Unicorn-33109.exe
3052	Unicorn-63835.exe
2348	Unicorn-33109.exe
2408	Unicorn-11873.exe
1696	Unicorn-18724.exe
3976	Unicorn-62465.exe
2924	Unicorn-31474.exe
4036	Unicorn-21524.exe
4412	Unicorn-7789.exe
4804	Unicorn-62465.exe
4264	Unicorn-25495.exe
5068	Unicorn-56335.exe
1020	Unicorn-62465.exe
4948	Unicorn-62465.exe
3456	Unicorn-9756.exe
4476	Unicorn-14395.exe
4664	Unicorn-52735.exe
1340	Unicorn-5572.exe
4648	Unicorn-46897.exe
2300	Unicorn-46897.exe
1624	Unicorn-42813.exe
2204	Unicorn-45527.exe
888	Unicorn-25661.exe
1216	Unicorn-29745.exe
2536	Unicorn-41997.exe
2840	Unicorn-35313.exe
3960	Unicorn-16747.exe
4040	Unicorn-12662.exe
3812	Unicorn-43389.exe
4928	Unicorn-18693.exe
4080	Unicorn-20565.exe
4984	Unicorn-20831.exe
4944	Unicorn-49419.exe
4316	Unicorn-49419.exe
2360	Unicorn-32320.exe
3108	Unicorn-40289.exe
4516	Unicorn-41805.exe
2272	Unicorn-59625.exe
844	Unicorn-45890.exe
4292	Unicorn-45890.exe
3688	Unicorn-47373.exe
3988	Unicorn-45890.exe
1804	Unicorn-65490.exe
2892	Unicorn-25839.exe
4320	Unicorn-57120.exe
408	Unicorn-64733.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 412 wrote to memory of 1172	412	8d7fba95d062b4195e117d7cba05cf10N.exe	87
PID 412 wrote to memory of 1172	412	8d7fba95d062b4195e117d7cba05cf10N.exe	87
PID 412 wrote to memory of 1172	412	8d7fba95d062b4195e117d7cba05cf10N.exe	87
PID 1172 wrote to memory of 2976	1172	Unicorn-64717.exe	88
PID 1172 wrote to memory of 2976	1172	Unicorn-64717.exe	88
PID 1172 wrote to memory of 2976	1172	Unicorn-64717.exe	88
PID 412 wrote to memory of 4892	412	8d7fba95d062b4195e117d7cba05cf10N.exe	89
PID 412 wrote to memory of 4892	412	8d7fba95d062b4195e117d7cba05cf10N.exe	89
PID 412 wrote to memory of 4892	412	8d7fba95d062b4195e117d7cba05cf10N.exe	89
PID 4892 wrote to memory of 5020	4892	Unicorn-47950.exe	90
PID 4892 wrote to memory of 5020	4892	Unicorn-47950.exe	90
PID 4892 wrote to memory of 5020	4892	Unicorn-47950.exe	90
PID 412 wrote to memory of 2268	412	8d7fba95d062b4195e117d7cba05cf10N.exe	91
PID 412 wrote to memory of 2268	412	8d7fba95d062b4195e117d7cba05cf10N.exe	91
PID 412 wrote to memory of 2268	412	8d7fba95d062b4195e117d7cba05cf10N.exe	91
PID 2976 wrote to memory of 1332	2976	Unicorn-37089.exe	92
PID 2976 wrote to memory of 1332	2976	Unicorn-37089.exe	92
PID 2976 wrote to memory of 1332	2976	Unicorn-37089.exe	92
PID 1172 wrote to memory of 3344	1172	Unicorn-64717.exe	93
PID 1172 wrote to memory of 3344	1172	Unicorn-64717.exe	93
PID 1172 wrote to memory of 3344	1172	Unicorn-64717.exe	93
PID 2268 wrote to memory of 4740	2268	Unicorn-22536.exe	98
PID 2268 wrote to memory of 4740	2268	Unicorn-22536.exe	98
PID 2268 wrote to memory of 4740	2268	Unicorn-22536.exe	98
PID 1332 wrote to memory of 1528	1332	Unicorn-16415.exe	99
PID 1332 wrote to memory of 1528	1332	Unicorn-16415.exe	99
PID 1332 wrote to memory of 1528	1332	Unicorn-16415.exe	99
PID 2976 wrote to memory of 644	2976	Unicorn-37089.exe	100
PID 2976 wrote to memory of 644	2976	Unicorn-37089.exe	100
PID 2976 wrote to memory of 644	2976	Unicorn-37089.exe	100
PID 5020 wrote to memory of 1400	5020	Unicorn-24583.exe	102
PID 5020 wrote to memory of 1400	5020	Unicorn-24583.exe	102
PID 5020 wrote to memory of 1400	5020	Unicorn-24583.exe	102
PID 3344 wrote to memory of 1548	3344	Unicorn-25137.exe	101
PID 3344 wrote to memory of 1548	3344	Unicorn-25137.exe	101
PID 3344 wrote to memory of 1548	3344	Unicorn-25137.exe	101
PID 412 wrote to memory of 2708	412	8d7fba95d062b4195e117d7cba05cf10N.exe	103
PID 412 wrote to memory of 2708	412	8d7fba95d062b4195e117d7cba05cf10N.exe	103
PID 412 wrote to memory of 2708	412	8d7fba95d062b4195e117d7cba05cf10N.exe	103
PID 1172 wrote to memory of 1988	1172	Unicorn-64717.exe	104
PID 1172 wrote to memory of 1988	1172	Unicorn-64717.exe	104
PID 1172 wrote to memory of 1988	1172	Unicorn-64717.exe	104
PID 4892 wrote to memory of 2024	4892	Unicorn-47950.exe	105
PID 4892 wrote to memory of 2024	4892	Unicorn-47950.exe	105
PID 4892 wrote to memory of 2024	4892	Unicorn-47950.exe	105
PID 1528 wrote to memory of 2580	1528	Unicorn-45963.exe	107
PID 1528 wrote to memory of 2580	1528	Unicorn-45963.exe	107
PID 1528 wrote to memory of 2580	1528	Unicorn-45963.exe	107
PID 1332 wrote to memory of 4776	1332	Unicorn-16415.exe	108
PID 1332 wrote to memory of 4776	1332	Unicorn-16415.exe	108
PID 1332 wrote to memory of 4776	1332	Unicorn-16415.exe	108
PID 2708 wrote to memory of 724	2708	Unicorn-6803.exe	109
PID 2708 wrote to memory of 724	2708	Unicorn-6803.exe	109
PID 2708 wrote to memory of 724	2708	Unicorn-6803.exe	109
PID 1548 wrote to memory of 3052	1548	Unicorn-33711.exe	110
PID 1548 wrote to memory of 3052	1548	Unicorn-33711.exe	110
PID 1548 wrote to memory of 3052	1548	Unicorn-33711.exe	110
PID 644 wrote to memory of 2348	644	Unicorn-13845.exe	111
PID 644 wrote to memory of 2348	644	Unicorn-13845.exe	111
PID 644 wrote to memory of 2348	644	Unicorn-13845.exe	111
PID 3344 wrote to memory of 4264	3344	Unicorn-25137.exe	112
PID 3344 wrote to memory of 4264	3344	Unicorn-25137.exe	112
PID 3344 wrote to memory of 4264	3344	Unicorn-25137.exe	112
PID 4892 wrote to memory of 4036	4892	Unicorn-47950.exe	116

C:\Users\Admin\AppData\Local\Temp\8d7fba95d062b4195e117d7cba05cf10N.exe
"C:\Users\Admin\AppData\Local\Temp\8d7fba95d062b4195e117d7cba05cf10N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23291.exe
        9⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        11⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        11⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        11⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50156.exe
        10⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        10⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
        9⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
        10⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        10⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        9⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        9⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        9⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        9⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        9⤵
        
        PID:17652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        8⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
        9⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        9⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        8⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        8⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57120.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        9⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        10⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        10⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        10⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        9⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        9⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        9⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        9⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        8⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        8⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
        8⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        8⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        8⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        8⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        9⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
        10⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        9⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        9⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
        9⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        8⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        9⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        8⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        8⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        8⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        8⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        7⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        7⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        8⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
        9⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        8⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16461.exe
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        7⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        7⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        7⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        6⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        7⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        7⤵
        Executes dropped EXE
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        9⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        10⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        10⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        10⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        9⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        9⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        9⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        9⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        8⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        8⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        8⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        8⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45443.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        7⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        7⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
        8⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        8⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        8⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        8⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
        7⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        7⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        7⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19175.exe
        7⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        7⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        6⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        6⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        8⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        8⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        8⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        8⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        7⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13386.exe
        7⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6072.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        6⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        6⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
        8⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13986.exe
        7⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        7⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        6⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        5⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        5⤵
        
        PID:17484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47769.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        9⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        9⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        9⤵
        
        PID:17568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
        8⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        8⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        8⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        7⤵
        
        PID:17700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        6⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 632
        7⤵
        Program crash
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        8⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        7⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        7⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        6⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        9⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        9⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        8⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        8⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        8⤵
        
        PID:17728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        8⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        7⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41101.exe
        7⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        7⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        6⤵
        
        PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        7⤵
        
        PID:14648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        7⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        6⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        7⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32896.exe
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        6⤵
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        6⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        5⤵
        
        PID:18024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        8⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        9⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
        9⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        8⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        7⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        7⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        7⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        7⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        7⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        7⤵
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        6⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        6⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        6⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        6⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        5⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48525.exe
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        5⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-678.exe
        7⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        6⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        6⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        6⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        5⤵
        
        PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
      4⤵
      PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        5⤵
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
      4⤵
      PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
      4⤵
      PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7748.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20336.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        10⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        9⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        9⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        8⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        8⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        8⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        8⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        9⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        9⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        9⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        8⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        8⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        8⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48288.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59389.exe
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        7⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        6⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        8⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        8⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
        7⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        7⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25686.exe
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        7⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        7⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        6⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        8⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        8⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        7⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        7⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        6⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        7⤵
        
        PID:17600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        7⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        6⤵
        
        PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        7⤵
        
        PID:17712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        6⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        6⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        6⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        5⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        6⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        6⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        5⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
        6⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        5⤵
        
        PID:18420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        7⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        7⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        6⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        6⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        6⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
        5⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        5⤵
        
        PID:17720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        6⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        7⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        6⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        6⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        6⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        5⤵
        
        PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
        5⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        5⤵
        
        PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
      4⤵
      PID:11464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
      4⤵
      PID:15576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        7⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        6⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        6⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        6⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9446.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        5⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        5⤵
        
        PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30825.exe
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        7⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        6⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
        6⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        6⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        5⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        5⤵
        
        PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        5⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        5⤵
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
      4⤵
      PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      4⤵
      PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8043.exe
      4⤵
      PID:15908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
      4⤵
      PID:8868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        7⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        7⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        6⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        7⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        6⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
        6⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29921.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15066.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        6⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
        7⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
        6⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        6⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21017.exe
        5⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30907.exe
        5⤵
        
        PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
      4⤵
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        5⤵
        
        PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
      4⤵
      PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
      4⤵
      PID:16780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32320.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        5⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        5⤵
        
        PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
      4⤵
      PID:11508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
      4⤵
      PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
      4⤵
      PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
    3⤵
    PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
      4⤵
      PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        5⤵
        
        PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
      4⤵
      PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        5⤵
        
        PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
      4⤵
      PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
      4⤵
      PID:8616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
    3⤵
    PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
    3⤵
    PID:11776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
    3⤵
    PID:15664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43467.exe
        8⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
        9⤵
        
        PID:16732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
        9⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        8⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
        8⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        8⤵
        
        PID:17600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        8⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        8⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46098.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        7⤵
        
        PID:17652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        6⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
        7⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49197.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        6⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        6⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        7⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
        6⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        6⤵
        
        PID:18408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
        6⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        7⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        6⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        5⤵
        
        PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
        8⤵
        
        PID:17440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        7⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
        7⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        7⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        6⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
        6⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        6⤵
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        5⤵
        
        PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        7⤵
        
        PID:16684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        6⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        6⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        6⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        6⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35086.exe
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        5⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        6⤵
        
        PID:17456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        5⤵
        
        PID:17488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
      4⤵
      PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
      4⤵
      PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
      4⤵
      PID:13296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        7⤵
        
        PID:16064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        6⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        7⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        6⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
        7⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        7⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        7⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        6⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        5⤵
        
        PID:696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 640
        6⤵
        Program crash
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65028.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        5⤵
        
        PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        6⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
        5⤵
        
        PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
      4⤵
      PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        5⤵
        
        PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
      4⤵
      PID:7368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
        7⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        6⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        6⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54930.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        6⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        5⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        5⤵
        
        PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61059.exe
        6⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        6⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        5⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        5⤵
        
        PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        5⤵
        
        PID:17608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64878.exe
      4⤵
      PID:10040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
      4⤵
      PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
      4⤵
      PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
        6⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        6⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        5⤵
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        5⤵
        
        PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
      4⤵
      PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50592.exe
        5⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
      4⤵
      PID:10136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
      4⤵
      PID:17644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
        6⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
      4⤵
      PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        5⤵
        
        PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31106.exe
      4⤵
      PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
      4⤵
      PID:12480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29869.exe
    3⤵
    PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
      4⤵
      PID:14296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
      4⤵
      PID:13336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
    3⤵
    PID:10172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
    3⤵
    PID:17696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        8⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
        7⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        6⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        6⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        6⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24879.exe
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        7⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
        6⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        6⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9455.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-100.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        7⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        6⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-100.exe
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
        5⤵
        
        PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        6⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        6⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        5⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        5⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        5⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64791.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
      4⤵
      PID:13272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
      4⤵
      PID:12960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16711.exe
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        7⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        7⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19158.exe
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26280.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        5⤵
        
        PID:6724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 716
        6⤵
        Program crash
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        5⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        5⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        5⤵
        
        PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        5⤵
        
        PID:14416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
      4⤵
      PID:12972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
      4⤵
      PID:7912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        6⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        5⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
        5⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
        5⤵
        
        PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
      4⤵
      PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      4⤵
      PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
      4⤵
      PID:11296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
      4⤵
      PID:16616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        5⤵
        
        PID:15340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
      4⤵
      PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
      4⤵
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
      4⤵
      PID:1356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
    3⤵
    PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
      4⤵
      PID:16112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
    3⤵
    PID:9676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21242.exe
    3⤵
    PID:13604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
    3⤵
    PID:1336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        5⤵
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
        7⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47364.exe
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        6⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18958.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        5⤵
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 692
        5⤵
        Program crash
        
        PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55645.exe
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65413.exe
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        5⤵
        
        PID:16420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
      4⤵
      PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
      4⤵
      PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
      4⤵
      PID:1224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10052.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
        6⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63091.exe
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        5⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        6⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        5⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        5⤵
        
        PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        5⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        5⤵
        
        PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
      4⤵
      PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
      4⤵
      PID:16672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
    3⤵
    PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
      4⤵
      PID:17376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
      4⤵
      PID:7948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
    3⤵
    PID:8260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
    3⤵
    PID:12008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
    3⤵
    PID:15916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
    3⤵
    PID:18392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        5⤵
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        6⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        5⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10679.exe
        5⤵
        
        PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
      4⤵
      PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        5⤵
        
        PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
      4⤵
      PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
      4⤵
      PID:13908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
      4⤵
      PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
    3⤵
    PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        5⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        5⤵
        
        PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49387.exe
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
    3⤵
    PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
      4⤵
      PID:10924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
      4⤵
      PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
      4⤵
      PID:17492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
    3⤵
    PID:10908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
    3⤵
    PID:4764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
    3⤵
    PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        5⤵
        
        PID:18020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
      4⤵
      PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
      4⤵
      PID:13476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
    3⤵
    PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
      4⤵
      PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
      4⤵
      PID:976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
    3⤵
    PID:9872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
    3⤵
    PID:13624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
  2⤵
  PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
    3⤵
    PID:6104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
    3⤵
    PID:11484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
    3⤵
    PID:15760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
    3⤵
    PID:8648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
  2⤵
  PID:7916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
    3⤵
    PID:14040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
    3⤵
    PID:17576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
  2⤵
  PID:11312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
  2⤵
  PID:15352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
  2⤵
  PID:17472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2916 -ip 2916
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4528 -ip 4528
1⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6724 -ip 6724
1⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 696 -ip 696
1⤵
PID:10160

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe

Filesize
468KB

MD5
5a4f9e5c8b6c01b163a635fd986990e1

SHA1
cf800eb620a65626b771bb06e3f26e24d57d6427

SHA256
30c031c396ffe8394279b4765c0bd9f2c16698526a2bb1e3c4cf98b04d2a44fb

SHA512
119b6a3bb0dd9903aa86fcb5ebeff70d12458e410caad270b857fb7dcc6c134cb3a4ef02e37ab4d9402fbb942b98ffa8d6e388a441980c583f2be75fe7604c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe

Filesize
468KB

MD5
8128015688fde6400f7f91fee3022dbf

SHA1
4fd110f0a4cec03b35ac139660b5d09d23f54603

SHA256
d60e83f644529c49079f0f5e0f167b875dc2693cd89dc49dfe2a0837d5fc2dfe

SHA512
982e91fee2565ea999e0ebed5866ab017dbe13fc5f82ead05c6845fd9017eb1228906c723b45d0f0792320144086f9c2c2a3ad1d0cb0d23ee6db57da41384be5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe

Filesize
468KB

MD5
decda70508774ced5171914467115efb

SHA1
b5c99ebac34a214904f379f6ef1e8c254f552a42

SHA256
74e237c7bbd299bc2a84c7a85382a300bdba9ec696fae6b14650266b614230e7

SHA512
0b09ca0a5ea02a917c38d381e85e6af086477b1e010878ebe7842212db0334ce01887b9c7fb84cd7c694101c7950f3da7cf92246feeab4207ae7a6b02fc86781

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe

Filesize
468KB

MD5
791b236bb28383da457d2b7ec7b418c4

SHA1
74319154936ee83ffaa929a8f281ff0ad1eef5b7

SHA256
f66b08c72d7f781c245cb73b21c33918df7d8843a311b142e46eb46137a16971

SHA512
4cd2f17a047f04d7112dcf2ccc5ba99a132296364571e0688c7aedcbd58b6c6f25f7db820f2c10ebedaa643171ed0956e71f53c0544230492d82e1b256adbc3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe

Filesize
468KB

MD5
10ccc54cc9f6cbeb57b0d46a25bb8e3f

SHA1
8caaf383a1a5a1b474d2e92dab0aaa91a1de3857

SHA256
d1b4b7734409ae2dcb04f770480514b009f168d16d6635e015ca7d250b342f56

SHA512
d65f300a67a762dd8c7c6258f0f172bd639542adb0c483570ddf779e019bfdc46642d234e2f5a8cbe8564deccb03b25cce4a02de81bf569dc1882eefff34a885

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe

Filesize
468KB

MD5
1e6a0932708f3ce38185bb158c527e37

SHA1
4cd90fcda2ac3979e9420c1db15aab1edb93a141

SHA256
19f0e2c7fb9ef6cabee728ca1c72729a95e69299fffa2b3641c365cd5075438d

SHA512
005f5074f7bc46882122c9b9d7e74e2987ed412d45cd76c5c699716893e29aca17b839f1696c80061cb523448c780a5db788874aa0d992a3c74ebf33cbcd844b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe

Filesize
468KB

MD5
62b6388a745b67734c77507814cfb0d9

SHA1
18f640825dce22848cf9f857c799ff627a11275c

SHA256
1391f37061add93c48cf86e0ba6a4252a0cc345a3352264d36e42c2166906b28

SHA512
9e5daab02528624d88b93c2517d9fee44e788c5e02f353c25b46d10414d9523f6cfc450b9d6f8d416e0768343dd5f89a83723a827d6fba993a05acc56fcbbb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe

Filesize
468KB

MD5
6c78d4ef61fa27a06e9a76a720a60cb3

SHA1
d3c38b06dda2aada64599cc5d4159b02ba30199a

SHA256
954f8c694df0c82352d1599eec55f241f3241f781b34b328ca20f56094e7034f

SHA512
919a90df9203140949e2f2a63ac94f6b3ec51e70b9ec938a77e340d72e4c92b21bb07607714066045d01f1d5c6408574bfad3f198277f703651d391bffd8e4de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe

Filesize
468KB

MD5
c71e87d23bf6616c0109796e2190e97f

SHA1
e783090d8ea87bc4572b05ef21198ec1f93600c3

SHA256
85c81f62c22fa4fcfd995f0bb84d9828f98a8a98d48fc112415aed444c0014ef

SHA512
8bb7c7f3ca44ecd3c19c4556cea688f256dd871a2a99f8cff55fc3a1837d13593f54ad18b7954a66d821c43ca4e007eea3b5e2a3d19ea2a7f6212c73ef0b6446

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe

Filesize
468KB

MD5
7934a6f1d57d9f7bc7f652b8b5d8fb0b

SHA1
8bcf347f0a70ab7e31dc77ddced33c542e723b31

SHA256
e8844a275641ec987145b61c319676013e1e5570656b66e2b10b3bd4b1a3fe16

SHA512
5ff7a419691d5ad92153d928e243c7b90542245eb5ef576cdf6b54e9ee6c078b3413a16893af25fee1ec3300695b66ae301d569e5ec37450ef6cc6f6c973c0c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe

Filesize
468KB

MD5
c4594e8fa2dcf6a7bce8c90f8a20c6cc

SHA1
a1b282c61cd32b2b4c3a6b58f457131f232d91f4

SHA256
29449c1e20703cffce827b43183d58b5fa3da5c9db654e8fa47b39e213f63862

SHA512
fa23f766f4046650c86c3b0e5989f87e9ac674c663894981b153566ce1f9b260fea76d2da1d4b2ae0aff7295c1e26a3bd368ae3b2ae39951ec233de990f262be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe

Filesize
468KB

MD5
958c447c86a4bbad22aa12e9ec157913

SHA1
878e86ff5a436037f076c18b9fe2bd3b488ee136

SHA256
53ca9441fb89cdea4bb0429b18e5c34e175eac1b407f27449b05ac6066843bcf

SHA512
6c0dd096d65085567314cb64e484cef6568a614fc099a8e3da082ef58bbc040a17860c4d1dec3ef1f5d801cefe70b59c3171404603503df65c2b5ce7f486bbb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe

Filesize
468KB

MD5
b85bf50548eb282481bf4ad7358f12e8

SHA1
109ea1cde1936c2d99a4b8847f61ddff596d9045

SHA256
01acffb5ce62d54136822fab1b060dc3b3caf4dbd90200efe5a564c647a573d6

SHA512
851625a216d6bed415aff5b5668e4699f2ebe211aff6ae00efd83865c3a5a8a750e672c2d4158e3c0852c43622b874bcb3261a7a096c8893208feaaf6b048cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe

Filesize
468KB

MD5
ca3597c35da565031e0265984317f9df

SHA1
27d8528c50aa0e31e3e8ca2d5bacfda74a7aa751

SHA256
2ed145da93e4172d6450149bff1640c79b0459e332ac271451f2a78d82654ff6

SHA512
52c8e454bb18c4243d69c764960b7a1db25d6a45d49063095bef32d9cfe45c773ede03bc71df0349c9b0fe8787d55791d475ee266207c91d048993b3fd20f936

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe

Filesize
468KB

MD5
484cd575a0158fcf80486740456672f8

SHA1
7f02599eb21fccf831af0d78b2e157d332de29db

SHA256
7ac528f29fab6fd27eb21d78a5124370924b562b35950357f1ab56a8ad58e2d9

SHA512
fbf5fe6cf1fde9342f39ace58cd9d6204be317ba60170dd1610fdd9d709d7d35a4048227f3abded130bdb9d44b044bac09536a7ec4fd20d98c40a3be6c5931a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe

Filesize
468KB

MD5
8753c5656fbb6114914d01e4fbe3db2d

SHA1
d7705554ae074bc80c7297c0cbc378800030898f

SHA256
69cc65094cb13daa3c8268a094359efee7a39af5cc7696fed683877eb5549a93

SHA512
d2dc8d14e291f89ccbc49ac52d9e9244711f01df376bc004680bd0405326016cdae16606f447c0f137235dae8d6020251f857f530fab1537ace087439f5ff46b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe

Filesize
468KB

MD5
333a8e2c75282a454d9e57736e0ed857

SHA1
d9aece40a2d81e1af3c21f6934f818d9b895cc0c

SHA256
9e50fbd936630280d10ab3b9b884daf030532d53385fbcfeacdf3eba1e57b5d1

SHA512
fb803f7ba4c0a8d7ea87425e6c962677e2b6e3fb4ee15c173525b2533089710407c258110a948f9359a021b14dd8eadb9a23ffbdf32981199e925f1021e4b5a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe

Filesize
468KB

MD5
148932298557828401b1b2fd5db4b6c2

SHA1
cf72c5148004ede985f81ff7d305567c44d111e1

SHA256
cd89f18fdfcf7481aacb1a25b7b9410f41912387172240c0ebe236304ca3f3db

SHA512
9d64ee6ddb4c9774004dd68a860be1f17f4c4d20e771ed031135340f775900a9da7d5136bd76297fb98a93c923bb0ff0f9639b9a75325a6fe8b7e3f94eb39204

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe

Filesize
468KB

MD5
c74f237531a62f8685707a4b8b8114f2

SHA1
6221384d5abfcd49b36e1e4e0c86151d7ff677ad

SHA256
0ad431ebea751a17c403f42c9d4cb9d9a16a6d9180ea2f57c7a3b1970da32d16

SHA512
472ee517d19c7d8baf6f563b5c3ffdbb47ad99092e208659ade768f0160ac3a3578b89fc53cc8852419a653cfa7c9057dd466e341ae6d328f2d97596416cceac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe

Filesize
468KB

MD5
2b85788c23c19d1d08058201023d66b7

SHA1
41eadb80d4d61c1c4142a5b9a1542a1680b00ee9

SHA256
38912f8cdb9db6fe1d5500b966ea91e188eb48049a1206dbda4483d2dc07efdf

SHA512
3de184bb6d56b0c6d312de349f6c7acf78c526c90eeae21d2b7ba5a355bc6935cd34d0745203b9e59b964a3b3317edb5dbd3a4505bbe42bfd9f25e3d0551904e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe

Filesize
468KB

MD5
5ab96ed0ec0f650ade0783e6c9389966

SHA1
8e11a085cee8f9c9f16eb5b41a609946db953f53

SHA256
7fdf216d695d6d1172b69970473c718cd4776ee612962dd34d37a721de91e4bc

SHA512
137213edbcffb03dca248545899ade1912c9e37a733d5d76664d62e28c527fe551408a907378ee493e5d0a6bf31dc89c48174dd27e513b23955f849acec3f779

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe

Filesize
468KB

MD5
76ff115fd73c446d185c362fa5e8dca7

SHA1
50f3d55c3a15ad154cf1a45937c6f5888cc157fb

SHA256
bc7075aa046cbccedf7d01f0676b15f4e52e1eeb02fb07dc1ed4b08cf251f14d

SHA512
313127f79205d294fa8360ed25c44dac6a1cd600f2c6df1c7cb798ac63ecaeb615eaaaf8f2db408147d88e622d406ff34f0b06122bdd263dfc43753475243fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe

Filesize
468KB

MD5
079bde24a5b40d940e1165a7cad1e71b

SHA1
3174468cfa61de1b805763c9747a64b49bb7e8e8

SHA256
b124e5b319c861b4c4e45f51e29a4a2f37e529e6ef01cf6cfe729c764e8d6165

SHA512
1d6c3e6e19ded1f3877bef09fa996af82d6f03ccb4f3fd5bc35bd13ec09464844e313743df8d8e9716ff325b4cd500f25c9c90ff606fbb81c0632dd4294bb1e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe

Filesize
468KB

MD5
3b3729c2b3d08ac7fbedea287fc504ad

SHA1
1e841da9b0fd756840582baefae3ce5f91aa0a34

SHA256
c3d8d95e68207df1e7b568c95a21f5d76accf6216b83d1203ac5c325aeacb4e0

SHA512
f3ea8b87ab373cb7e64c4e7a5908aee161d83d05e57d9c4c9c895d3438007151f240e5fb9d2d3088f8e040ed9370915c710ae02c777137f3acdc251b804712c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe

Filesize
468KB

MD5
d68390b9462b8238bd26bcb54ca676d6

SHA1
0b16bb480e1687f0a349923e32cd6f0d503e5c85

SHA256
dcc92cebfd09dfb7148a076631849172f215972bf2f33f3c6a0e9e762274afab

SHA512
c6b696eacb985182d4c90c8ef79e6095f694dcd208d3aa38618ece19497e8c113c76dafea372f6acdab8e10a2036847cb1ea7254ef77556d5477490d5ccf21cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe

Filesize
468KB

MD5
c8cc991ee51ebcf5b26c5b0d2dcf44ce

SHA1
8840aaa213e011b1a1ac650c18370244ffe8f615

SHA256
694831a767f41791a0f7ae4a76549ba972a1624cf16805f01844a696af7bf666

SHA512
ff11241d8edcba00101a810d875a30f8d0f922358e9ba0c8e688eac98020267d7c2d02e9274236e008775ed8c05e35317dba1994b21d4a6a96d77b125ea2af71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe

Filesize
468KB

MD5
9cbc082b0f47e2e1f70563e3ed64d41d

SHA1
e36aa2b1a042bcb70ba776e34f3554cdf416709c

SHA256
cbcd74b6b3d7b3023bdcc43adb28af55169f26a209b5f8254cc9f3e5b0d1d570

SHA512
0cbe25743a40b8c41e044a0aa5f9f9577c8771877dd473c59b62173362bab8a32861d32c8c37e971420fb82b177ff144248034d3ac78ef55096d62fc052069c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe

Filesize
468KB

MD5
c411ad5054bad26b9936f2d3963c590f

SHA1
8639c138bf3b25bb827202e8ec415550fb2389f9

SHA256
60ea38befd6905454ee620f9def172036b5439bb41979a09eabfcf24bccdf43f

SHA512
ad6ad701f251f82aac1ade5991b763cb996f5df05d348dc8f2d608f82816b27bf524561663f05047f0375bd1f1fa7c9cda6e6b4f16cab587f3b1c50b567e31e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe

Filesize
468KB

MD5
2212f1d8d186c098b802e3377cf9d3a3

SHA1
a1016d71a2a8ca6f3ce69928cdbdf378e0e99ec5

SHA256
3ed17478c17f825b09a183f508bbe1a0457f60f59dc72bf3b6c03ddd2bf5a701

SHA512
41fb67c852e8ef65cf43f24f0708fb6651b82db3457b95579009de8934bb244e2f8c9e9278a2a0e7135af05a9cd2d16e3f769e822ee4e6ff9791f5821eb27f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe

Filesize
468KB

MD5
323479e8f790a4248aedc9e50a624029

SHA1
75e6964cda7c8d8d740547e760117a19b9af5ead

SHA256
70c9e47dc47c8bdc5b9c362945106995c5295f797a80b7ea99227168b4aa5d39

SHA512
c68075e7f32b81864b3a1f743179eaf53b0df797d75bd6ac9a26a722bdf52ff4807f29d03017194f1d63f9f2d4da654b76f45edffb5d7229aa53e5df972c980a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe

Filesize
468KB

MD5
1b7efa456c58aa7c2b5cbe29d486ed9f

SHA1
b46dd1480a6f86831639b78851192b4c0232be74

SHA256
75eecd807b5aa604cef57d2e1e18005bcd03cd935f65b948bf30ae7c7e38c9d2

SHA512
33ec3525aadd5777fe11066234e56b6eb95a753ec7453b1734bb8f3bad0c5e27ee0cf1a27b237a12c890715792bdac856cd9f71ea107d47fd7a6967834a62270

Download Submit
memory/1400-2729-0x0000000076250000-0x0000000076465000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads