9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe
Size

468KB
MD5

e29bc6d68501d6d34b30c903bb386912
SHA1

15c18802fcd3c4524f00fd4e6aaa31c6bc726c6d
SHA256

9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7
SHA512

8901b8a212ae44d3b3676d735b3e6617e385712724a2c4bf88610e55880404326ee44231736ccca019f12fda3143e108088ab29fe7237c6fd7bc14b836049b0d
SSDEEP

3072:YWACogMFjb8y2bYRUz54ff8jEC2j4ICCgmHebVoaqh53JMWzmHly:YW1oXYy2uU14ffAXHNqhBCWzm

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4156	Unicorn-57613.exe
2140	Unicorn-11986.exe
2188	Unicorn-9142.exe
3204	Unicorn-43731.exe
3772	Unicorn-60752.exe
3428	Unicorn-37409.exe
1716	Unicorn-23673.exe
3404	Unicorn-29931.exe
1028	Unicorn-58685.exe
3936	Unicorn-11285.exe
4260	Unicorn-63641.exe
4612	Unicorn-23979.exe
3236	Unicorn-23714.exe
2592	Unicorn-25986.exe
1588	Unicorn-9955.exe
2632	Unicorn-8917.exe
984	Unicorn-54397.exe
1340	Unicorn-16619.exe
4860	Unicorn-1059.exe
2720	Unicorn-34268.exe
3648	Unicorn-51865.exe
3112	Unicorn-20457.exe
452	Unicorn-26323.exe
1556	Unicorn-26588.exe
1528	Unicorn-26588.exe
3620	Unicorn-6530.exe
2384	Unicorn-17657.exe
4800	Unicorn-20043.exe
2332	Unicorn-26588.exe
3420	Unicorn-64214.exe
2016	Unicorn-7234.exe
4672	Unicorn-27100.exe
372	Unicorn-64441.exe
3924	Unicorn-44889.exe
2868	Unicorn-44889.exe
2168	Unicorn-62221.exe
1964	Unicorn-42620.exe
4236	Unicorn-59833.exe
3708	Unicorn-2434.exe
2316	Unicorn-57878.exe
4644	Unicorn-36476.exe
4304	Unicorn-41625.exe
4620	Unicorn-1962.exe
3672	Unicorn-5689.exe
2668	Unicorn-19420.exe
4520	Unicorn-65091.exe
2436	Unicorn-19228.exe
1420	Unicorn-54541.exe
3560	Unicorn-41489.exe
4592	Unicorn-61355.exe
4300	Unicorn-29542.exe
3396	Unicorn-10203.exe
5096	Unicorn-27801.exe
3220	Unicorn-10011.exe
4544	Unicorn-8127.exe
4920	Unicorn-21862.exe
4536	Unicorn-20124.exe
1916	Unicorn-25724.exe
1992	Unicorn-61462.exe
3636	Unicorn-34457.exe
836	Unicorn-52246.exe
2348	Unicorn-746.exe
3984	Unicorn-56854.exe
4412	Unicorn-12059.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
7900	6204	WerFault.exe	243
6892	5488	WerFault.exe	189
7332	6756	WerFault.exe	301
8600	6756	WerFault.exe	301
11020	6784	WerFault.exe	251

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6735.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
10588	Process not Found
7504	Process not Found
10608	Process not Found
8916	Process not Found
7624	Process not Found
2948	Process not Found
6536	Process not Found
10564	Process not Found
10680	Process not Found
12560	Process not Found
8264	Process not Found
8704	Process not Found
7516	Process not Found
7556	Process not Found
7384	Process not Found
7380	Process not Found
12464	Process not Found
7840	Process not Found
7676	Process not Found
10956	Process not Found
10960	Process not Found
10972	Process not Found
8980	Process not Found
10984	Process not Found
464	Process not Found
6720	Process not Found
6752	Process not Found
6768	Process not Found
5444	Process not Found
2444	Process not Found
11008	Process not Found
6316	Process not Found
8340	Process not Found
1464	Process not Found
7828	Process not Found
8616	Process not Found
1780	Process not Found
9132	Process not Found
6376	Process not Found
3240	Process not Found
6204	Process not Found
9008	Process not Found
16676	Process not Found
11212	Process not Found
6872	Process not Found
8592	Process not Found
9224	Process not Found
8956	Process not Found
7020	Process not Found
5588	Process not Found
7628	Process not Found
10704	Process not Found
6844	Process not Found
6764	Process not Found
7360	Process not Found
17448	Process not Found
7424	Process not Found
7460	Process not Found
7688	Process not Found
8964	Process not Found
10816	Process not Found
7484	Process not Found
10520	Process not Found
10524	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16428	dwm.exe
Token: SeChangeNotifyPrivilege	16428	dwm.exe
Token: 33	16428	dwm.exe
Token: SeIncBasePriorityPrivilege	16428	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe
4156	Unicorn-57613.exe
2188	Unicorn-9142.exe
2140	Unicorn-11986.exe
3204	Unicorn-43731.exe
3772	Unicorn-60752.exe
3428	Unicorn-37409.exe
1716	Unicorn-23673.exe
3404	Unicorn-29931.exe
1028	Unicorn-58685.exe
3236	Unicorn-23714.exe
3936	Unicorn-11285.exe
1588	Unicorn-9955.exe
2592	Unicorn-25986.exe
4612	Unicorn-23979.exe
4260	Unicorn-63641.exe
2632	Unicorn-8917.exe
984	Unicorn-54397.exe
1340	Unicorn-16619.exe
4860	Unicorn-1059.exe
2720	Unicorn-34268.exe
3648	Unicorn-51865.exe
452	Unicorn-26323.exe
1528	Unicorn-26588.exe
3620	Unicorn-6530.exe
3112	Unicorn-20457.exe
4800	Unicorn-20043.exe
1556	Unicorn-26588.exe
2332	Unicorn-26588.exe
2384	Unicorn-17657.exe
3420	Unicorn-64214.exe
4672	Unicorn-27100.exe
2016	Unicorn-7234.exe
2168	Unicorn-62221.exe
372	Unicorn-64441.exe
2868	Unicorn-44889.exe
3924	Unicorn-44889.exe
1964	Unicorn-42620.exe
4236	Unicorn-59833.exe
3708	Unicorn-2434.exe
2316	Unicorn-57878.exe
4644	Unicorn-36476.exe
4304	Unicorn-41625.exe
4620	Unicorn-1962.exe
3672	Unicorn-5689.exe
2668	Unicorn-19420.exe
2436	Unicorn-19228.exe
4592	Unicorn-61355.exe
3560	Unicorn-41489.exe
1420	Unicorn-54541.exe
4520	Unicorn-65091.exe
4300	Unicorn-29542.exe
3396	Unicorn-10203.exe
4544	Unicorn-8127.exe
4536	Unicorn-20124.exe
3220	Unicorn-10011.exe
4920	Unicorn-21862.exe
1916	Unicorn-25724.exe
5096	Unicorn-27801.exe
1992	Unicorn-61462.exe
3636	Unicorn-34457.exe
836	Unicorn-52246.exe
2348	Unicorn-746.exe
3984	Unicorn-56854.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 4156	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	82
PID 4220 wrote to memory of 4156	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	82
PID 4220 wrote to memory of 4156	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	82
PID 4156 wrote to memory of 2140	4156	Unicorn-57613.exe	83
PID 4156 wrote to memory of 2140	4156	Unicorn-57613.exe	83
PID 4156 wrote to memory of 2140	4156	Unicorn-57613.exe	83
PID 4220 wrote to memory of 2188	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	84
PID 4220 wrote to memory of 2188	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	84
PID 4220 wrote to memory of 2188	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	84
PID 2188 wrote to memory of 3204	2188	Unicorn-9142.exe	89
PID 2188 wrote to memory of 3204	2188	Unicorn-9142.exe	89
PID 2188 wrote to memory of 3204	2188	Unicorn-9142.exe	89
PID 2140 wrote to memory of 3772	2140	Unicorn-11986.exe	90
PID 2140 wrote to memory of 3772	2140	Unicorn-11986.exe	90
PID 2140 wrote to memory of 3772	2140	Unicorn-11986.exe	90
PID 4220 wrote to memory of 3428	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	91
PID 4220 wrote to memory of 3428	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	91
PID 4220 wrote to memory of 3428	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	91
PID 4156 wrote to memory of 1716	4156	Unicorn-57613.exe	92
PID 4156 wrote to memory of 1716	4156	Unicorn-57613.exe	92
PID 4156 wrote to memory of 1716	4156	Unicorn-57613.exe	92
PID 3204 wrote to memory of 3404	3204	Unicorn-43731.exe	94
PID 3204 wrote to memory of 3404	3204	Unicorn-43731.exe	94
PID 3204 wrote to memory of 3404	3204	Unicorn-43731.exe	94
PID 2188 wrote to memory of 1028	2188	Unicorn-9142.exe	95
PID 2188 wrote to memory of 1028	2188	Unicorn-9142.exe	95
PID 2188 wrote to memory of 1028	2188	Unicorn-9142.exe	95
PID 3428 wrote to memory of 3936	3428	Unicorn-37409.exe	96
PID 3428 wrote to memory of 3936	3428	Unicorn-37409.exe	96
PID 3428 wrote to memory of 3936	3428	Unicorn-37409.exe	96
PID 3772 wrote to memory of 4260	3772	Unicorn-60752.exe	97
PID 3772 wrote to memory of 4260	3772	Unicorn-60752.exe	97
PID 3772 wrote to memory of 4260	3772	Unicorn-60752.exe	97
PID 4220 wrote to memory of 3236	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	98
PID 4220 wrote to memory of 3236	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	98
PID 4220 wrote to memory of 3236	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	98
PID 1716 wrote to memory of 4612	1716	Unicorn-23673.exe	99
PID 1716 wrote to memory of 4612	1716	Unicorn-23673.exe	99
PID 1716 wrote to memory of 4612	1716	Unicorn-23673.exe	99
PID 2140 wrote to memory of 2592	2140	Unicorn-11986.exe	100
PID 2140 wrote to memory of 2592	2140	Unicorn-11986.exe	100
PID 2140 wrote to memory of 2592	2140	Unicorn-11986.exe	100
PID 4156 wrote to memory of 1588	4156	Unicorn-57613.exe	101
PID 4156 wrote to memory of 1588	4156	Unicorn-57613.exe	101
PID 4156 wrote to memory of 1588	4156	Unicorn-57613.exe	101
PID 3404 wrote to memory of 2632	3404	Unicorn-29931.exe	104
PID 3404 wrote to memory of 2632	3404	Unicorn-29931.exe	104
PID 3404 wrote to memory of 2632	3404	Unicorn-29931.exe	104
PID 3204 wrote to memory of 984	3204	Unicorn-43731.exe	105
PID 3204 wrote to memory of 984	3204	Unicorn-43731.exe	105
PID 3204 wrote to memory of 984	3204	Unicorn-43731.exe	105
PID 1028 wrote to memory of 1340	1028	Unicorn-58685.exe	106
PID 1028 wrote to memory of 1340	1028	Unicorn-58685.exe	106
PID 1028 wrote to memory of 1340	1028	Unicorn-58685.exe	106
PID 2188 wrote to memory of 4860	2188	Unicorn-9142.exe	107
PID 2188 wrote to memory of 4860	2188	Unicorn-9142.exe	107
PID 2188 wrote to memory of 4860	2188	Unicorn-9142.exe	107
PID 1588 wrote to memory of 2720	1588	Unicorn-9955.exe	108
PID 1588 wrote to memory of 2720	1588	Unicorn-9955.exe	108
PID 1588 wrote to memory of 2720	1588	Unicorn-9955.exe	108
PID 3236 wrote to memory of 3648	3236	Unicorn-23714.exe	109
PID 3236 wrote to memory of 3648	3236	Unicorn-23714.exe	109
PID 3236 wrote to memory of 3648	3236	Unicorn-23714.exe	109
PID 4220 wrote to memory of 2384	4220	9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe	110

C:\Users\Admin\AppData\Local\Temp\9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe
"C:\Users\Admin\AppData\Local\Temp\9b282d378d8856eccad78237329037e95b7767e4031817122ba8f1c20b84dbd7.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
        9⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44413.exe
        9⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        9⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        9⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        8⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
        9⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        9⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        8⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        7⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        8⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        8⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        7⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
        7⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        8⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        8⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        7⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
        7⤵
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        6⤵
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
        8⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        9⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        9⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        8⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
        8⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        8⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1036.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        7⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
        8⤵
        
        PID:18100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        7⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        6⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
        8⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        8⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        7⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        7⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        6⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30669.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        7⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33799.exe
        6⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
        9⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        9⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17414.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        8⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
        8⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        8⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        8⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        7⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        7⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        7⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        7⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        6⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        7⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        7⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        6⤵
        
        PID:18356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        6⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 644
        7⤵
        Program crash
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2175.exe
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        7⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        7⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
        7⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        6⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        5⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        6⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
        8⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        8⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        6⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 492
        7⤵
        Program crash
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        6⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
        7⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        6⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        5⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48604.exe
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        5⤵
        
        PID:15916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
        7⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        7⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        6⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        7⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57578.exe
        7⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        5⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        5⤵
        
        PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        5⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
      4⤵
      PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        5⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
      4⤵
      PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        5⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27903.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
      4⤵
      PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        9⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        9⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        9⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        8⤵
        
        PID:17892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        7⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        7⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        8⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        7⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        7⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38163.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
        6⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        6⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        8⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        7⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        7⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        7⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5603.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        6⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        7⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12323.exe
        7⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-984.exe
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        6⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        8⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        8⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        7⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        6⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
        6⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        6⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        6⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        5⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7842.exe
      4⤵
      PID:11076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
      4⤵
      PID:15800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        6⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        9⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        9⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        8⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        8⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        8⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
        7⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        8⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        7⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        7⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
        6⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        6⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47229.exe
        7⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        6⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        5⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
        6⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        5⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        5⤵
        
        PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        5⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        7⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 468
        8⤵
        Program crash
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 424
        8⤵
        Program crash
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        6⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62684.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        6⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35484.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        5⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
      4⤵
      PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      4⤵
      PID:11516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
      4⤵
      PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33113.exe
        5⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        7⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        6⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        7⤵
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        6⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        5⤵
        
        PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
      4⤵
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1867.exe
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
        6⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        5⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        5⤵
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8117.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        5⤵
        
        PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
      4⤵
      PID:10992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
      4⤵
      PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
      4⤵
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        6⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        5⤵
        
        PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
      4⤵
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        5⤵
        
        PID:18428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
      4⤵
      PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
      4⤵
      PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
      4⤵
      PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
      4⤵
      PID:7080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3740.exe
    3⤵
    PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        5⤵
        
        PID:15672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
      4⤵
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
      4⤵
      PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
    3⤵
    PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
      4⤵
      PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
      4⤵
      PID:3288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
    3⤵
    PID:11384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
    3⤵
    PID:16144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
        10⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        10⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        10⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        9⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        9⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        9⤵
        
        PID:17600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        9⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
        8⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        8⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        8⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        9⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        9⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        8⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        7⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
        6⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        8⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        9⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28128.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
        7⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
        7⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        6⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7234.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39961.exe
        8⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        9⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        9⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        9⤵
        
        PID:17752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        8⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        9⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        9⤵
        
        PID:17732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        8⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        8⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        8⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        8⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        7⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19212.exe
        7⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        5⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        7⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        7⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        6⤵
        
        PID:17848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        5⤵
        
        PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        9⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        9⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        8⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        8⤵
        
        PID:17832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        6⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        7⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        7⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        7⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        6⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        5⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        8⤵
        
        PID:18344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        7⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        7⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        7⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        6⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        6⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        7⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        7⤵
        
        PID:17856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        6⤵
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
        5⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        5⤵
        
        PID:17700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        5⤵
        Executes dropped EXE
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        8⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46785.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        7⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        7⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
        7⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        7⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        7⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
        6⤵
        
        PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
        5⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
      4⤵
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12323.exe
        6⤵
        
        PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        5⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        5⤵
        
        PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6966.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        6⤵
        
        PID:17824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        5⤵
        
        PID:17484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37157.exe
      4⤵
      PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
      4⤵
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
      4⤵
      PID:16900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
      4⤵
      PID:8280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        8⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
        8⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        8⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        7⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        7⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        7⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        7⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
        6⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
        5⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55321.exe
        6⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-984.exe
        7⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        7⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        6⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56275.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        5⤵
        
        PID:17792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        5⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        8⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        7⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        6⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        5⤵
        
        PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        5⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        5⤵
        
        PID:8516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        5⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        5⤵
        
        PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
      4⤵
      PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
      4⤵
      PID:15888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        8⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6499.exe
        8⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        7⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        6⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        7⤵
        
        PID:17140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        6⤵
        
        PID:11692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        5⤵
        
        PID:17492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        5⤵
        
        PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30133.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        5⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        5⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        5⤵
        
        PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
      4⤵
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
      4⤵
      PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
      4⤵
      PID:8256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62221.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        5⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        6⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        5⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16277.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        6⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
        5⤵
        
        PID:924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
      4⤵
      PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
      4⤵
      PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
      4⤵
      PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
      4⤵
      PID:7320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
    3⤵
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        5⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        6⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
      4⤵
      PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
      4⤵
      PID:13488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
      4⤵
      PID:17460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
    3⤵
    PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
    3⤵
    PID:10148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
    3⤵
    PID:13380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
    3⤵
    PID:2996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        6⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        8⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        7⤵
        
        PID:17608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        7⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        7⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        7⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        6⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
        6⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25401.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
        5⤵
        
        PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        7⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
        7⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        6⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
        5⤵
        
        PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        6⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        5⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        5⤵
        
        PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
        5⤵
        
        PID:18108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
      4⤵
      PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
      4⤵
      PID:8480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        5⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        6⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        7⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        7⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        6⤵
        
        PID:13976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
        5⤵
        
        PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        6⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
        6⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        6⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        5⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
      4⤵
      PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
      4⤵
      PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
      4⤵
      PID:16864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
      4⤵
      PID:8312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9734.exe
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25724.exe
        5⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8645.exe
        5⤵
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
      4⤵
      PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34067.exe
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
      4⤵
      PID:16460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
    3⤵
    PID:5404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
    3⤵
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
      4⤵
      PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
      4⤵
      PID:17580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
    3⤵
    PID:8292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
    3⤵
    PID:13260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
    3⤵
    PID:16684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1962.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        8⤵
        
        PID:17724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 660
        7⤵
        Program crash
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        6⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34431.exe
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        6⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        5⤵
        
        PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        6⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
        5⤵
        
        PID:17948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54144.exe
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        5⤵
        
        PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
      4⤵
      PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
      4⤵
      PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
      4⤵
      PID:6648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        6⤵
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        5⤵
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
    3⤵
    PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
      4⤵
      PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        5⤵
        
        PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
      4⤵
      PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
      4⤵
      PID:16088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
    3⤵
    PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64735.exe
      4⤵
      PID:13940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
      4⤵
      PID:16752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
    3⤵
    PID:11636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
    3⤵
    PID:17552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
    3⤵
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        6⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
      4⤵
      PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48214.exe
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
      4⤵
      PID:15524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
    3⤵
    PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
      4⤵
      PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        5⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        5⤵
        
        PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
      4⤵
      PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
      4⤵
      PID:16708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
    3⤵
    PID:7976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
    3⤵
    PID:13496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
    3⤵
    PID:16836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
    3⤵
    PID:6396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
    3⤵
    PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        5⤵
        
        PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
      4⤵
      PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
      4⤵
      PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
    3⤵
    PID:7708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
    3⤵
    PID:11476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
    3⤵
    PID:16020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
    3⤵
    PID:8484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
  2⤵
  PID:5732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
    3⤵
    PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
      4⤵
      PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
      4⤵
      PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
      4⤵
      PID:17876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
    3⤵
    PID:11640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
    3⤵
    PID:16028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22955.exe
  2⤵
  PID:8056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
    3⤵
    PID:11224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
    3⤵
    PID:3660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
  2⤵
  PID:10756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
  2⤵
  PID:16120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5488 -ip 5488
1⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6204 -ip 6204
1⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6756 -ip 6756
1⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6756 -ip 6756
1⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6784 -ip 6784
1⤵
PID:11136

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16428

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:10008

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:6272

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:9960

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:844

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:10436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:10572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe

Filesize
468KB

MD5
7800a0ac825169e309db56ff991370ee

SHA1
337d61071c3472956d98957ca65519bdc98a3b6a

SHA256
06ad7c05cd4edac00e2b52412db663329b091641aab43664fad03c996b627766

SHA512
f51fcce89ae1499f7e32bdce93f6c87ef339f8269fdf8d5bc5fe92123e979239d95a327377ceba1cf5fc82f6faa1bf8ee908e53aa00eccb0bf5d7fd80620aee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe

Filesize
468KB

MD5
22a79a7e6f7c7dd1cfd9a4e1e961a0f0

SHA1
74422fde48ad1670aab98a680a5bf352018dc45a

SHA256
ca4b608aa6250733ea45a2d25e12a0752736e902116e29b66d7f6647e7348bf9

SHA512
fb1d6c395c6cd1edceca04672da90ce20ea191422780b993173f75a53de058883d3f1f5d07d3ad9731043ba7c17f675f92fcb5c5d6d6c23f291e6cb9a71351d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe

Filesize
468KB

MD5
b99433492a5a1cdda0e0ad08ba4a3b4e

SHA1
7593a02eb88ab7ba4fe24bd1a8e0065a3aa68d2a

SHA256
2b91e8a9920e486dfa6dc9b2ab02f9d0df484e526b2899da4b211f46380a8ba0

SHA512
aef47c29b043a53133d98b66b8b6ce143da77e591342c6226cdb80d9a973d0920c8d7976d9e2f60a1d61b99c9de22df0b72f53af0fc7d86766e8652a2c786eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe

Filesize
468KB

MD5
c63b41e1e9e472786abe5420f5521cbe

SHA1
96b72ebce0f6e45c0ebabcf57f388675fc28977a

SHA256
483baf41698316fe3f696ce239d33c5ab26a3d9f152a27980abde1e9b7a10c55

SHA512
cd45340c9f369db813870a4c64e58a2535ae0d537ef1e3b68dee62ee0d1499a8125f9d89c9507a7eae679979d17e4a881bf0306d6af06e05ac7ecd6a51aa0e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe

Filesize
468KB

MD5
0959cd0993049b1edb930f30833ca132

SHA1
6ca4c7248f42819606bc4d9e71fdf347c6ba7886

SHA256
5fa8e4e42847e454cc59e422683018bfa34e60cc6b3346cc335dcc82a10e11cc

SHA512
669fc3315f04e859a8eced61ba84ac068a685e4ae57863e9c1dcab11fa1188ead121065e92184101a6ea80c4d2be925ea9b46206e7cda8990c92a06251a49baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe

Filesize
468KB

MD5
9b2e76de9af6c844223ce65b88869b24

SHA1
17dbb329e5693a01f6a0544500a956faeffe76fc

SHA256
2653e01cdd9ea342d4743b7837957307f9561dbfaea2fbe4fe3fc63ef000d731

SHA512
ad26090384b5cabe31314132f46290e8e03aa1b869c919578463a268b81cd8c2a8e92dba93441367fb20953d124696d50512fced9fcac3b8707230fb665f7563

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe

Filesize
468KB

MD5
acc0d95db2fdf14677a3c253efbcb667

SHA1
adcc4a86b2ca190088dc24f9e85aed51cb765e49

SHA256
5f4479a9df5b5b5473d664e7fa0c6fe7234e275ddc9e84c983daa39b2f361c50

SHA512
69012dbcd7f348a98981e1fbae68306354f00ccfce9aea18c69a06eaf7a453ca4c9af9e45148a2042fabba2e88a5f37c266b3f61cf951ecaf94d8af4409b7980

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe

Filesize
468KB

MD5
d0151396e1fd1c09ca035ca28f721e31

SHA1
7a27d3ccdbd6c33c89eb79c4677f68467e16cf12

SHA256
49005b543fe79b975dd7a0c0962fd7dbc2242dacb3d211851d263ebed33d4940

SHA512
93563b8b63f90b62997b22aaf82da9b033cf19414f50e04d7228a4f1622975fc4e3bc941c3435cd990d9a47aa03c3b0f6976dcc5fed0a3a25ff4ac1f2edd3fd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe

Filesize
468KB

MD5
f73af21122bd3dd8a16daf57d54cd1af

SHA1
4d3f63ef83bb6885f9b1cd29d4f5f0b66b656e3d

SHA256
0da5235b4039bdfd1f92db84e6ef96419c941a8f33a9d96b8d47c4bf07cc4d26

SHA512
561b9516b44746e997864962404260b604fb796ed7b9bf860bbcf83e494430da80dec44f1679b66438cbd9e7b0bf8c8767a824a7b546a344d1f31d570b4ded25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe

Filesize
468KB

MD5
ef724e3b6d101e53c6ebf7820ba49c69

SHA1
956cef1d14fa8dc0921a8e67051c6836649625bd

SHA256
3f0b766211ece253991a8f969ed08e290aa47b61e75beff64749a462d61689f9

SHA512
6c6ce3cd93db11b5b96c67c0e90ba8c4fa41ca059645e01692c8f32b921c5915a53013f5217014e69b4206cf00b4fc19c920379169d4ec59a55f23aca485da69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe

Filesize
468KB

MD5
3df358394772332c7424dc42aeee9c2e

SHA1
c39e908bb4213d0de2dc59bbfa747f140488c9dd

SHA256
df61483eb6375096b0d0a1d804b1740b2e6630faae59ba4490de13c273f382a0

SHA512
717cf6251e85876e2382ffb508c7f2695ca4430160faa74976bfa9dfec97572515c30d054ae1542c0a1c70f1bbca15a44ae1cfa7406429fdc67df8b840adb9ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe

Filesize
468KB

MD5
1df20b373e0805f289c4efa9ef20c91a

SHA1
a6ebb271d61f2f5d1a8338367cbdaad03770a840

SHA256
297a73ef83215d98a7e8f91c9f19eead6b5b83617e9c545fde7916c61393340a

SHA512
81f1f6d007a72333b7f62702e2a64a0fdc3d9b5c60728042610a8dc9e722e98f2cb8350e49062187bac529af3360bbd0750896d55482b960b2729046976dc713

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26588.exe

Filesize
468KB

MD5
7b5379e25b1d2c11210b02b07349def7

SHA1
e5c8ea42ad6c4829417053b5c83bbdb46bc596b1

SHA256
4a13be3d4000f15b865e0c96d379a70595b0391b59e9acf4d84ff2e3ea1dcee2

SHA512
c44315050d21241ad18b35f893bc7ffa2b942f22cb36c1aa8224862a456dc29247016ebbdde7c3a3cea88abb3770998ce3589436af147429f24bd9e675ec91bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe

Filesize
468KB

MD5
01c405bae57136ae7b5df2bf5bf430f5

SHA1
4ca1b328f3607936eeb95ef304b4a833c4611396

SHA256
10c16a0c0e6f794b5b09cdb4677418c2a80ade7cba54c9991ec728dfdd4070bf

SHA512
27db7aaca757a729995c923188f741683d56eecb81afd33dc3dd1805685b944b6985402b1a2db4a286a1d70f7121e19f446a62731851abb5d04e148a62ec91fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe

Filesize
468KB

MD5
44e9242d48a10ff0913ff46f856a491a

SHA1
5980f1cb1fe334edc9cc92fc01472c52965a1aa0

SHA256
4787367e353673ca222a4fc1c77773320254628e9042acacf94507e3ec0cc1d3

SHA512
f72881c38e90b14ddc5ac8b70bc6601572eac0a61a9b38591dc6e9a51d333e2a7a809e96544c00d0a52748879967d9d2c2e42b7b14c5173f5354c121ceaf25a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe

Filesize
468KB

MD5
afbd1701bcc30c20cf3cde4124d7d5aa

SHA1
e6afea03ff96e3a7bb10b14544e6badcec4c4020

SHA256
6fb9987b9fbdbf428ac94cc6f5eed03e23c8b705fb1884bca5291cbe221d09bc

SHA512
1bb0f029656d4d80acd6ff8c80a6945bbf13289392b5c8424ae3c335459fd4d5c56513382a9549e83792339fbc3a0201216da9bb0b216c0ecf194de20cf0a1f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe

Filesize
468KB

MD5
1c6b2bc7fd9ec7006d93d3dad23b2db6

SHA1
113a1bd5aaa88b93149eecae58ba02f95a40b4b7

SHA256
bdec724f07774653acc7f2801111a5698d517de00817d908ffbd0bb23a00f06f

SHA512
cf58d50fb8001cd7c932fc023fb4765d804c28dcf0c55c5d273ecd16ea58f370c4bded61c8dd23549d0deb407ad567f10ec348f9a20645df90dac9194eee4007

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe

Filesize
468KB

MD5
0d457061fe763f4c3de9512bf1ea6977

SHA1
560bef9aab9d57a0ec9332e99a649b7ff220dc9b

SHA256
7e5ab9baffe6328427a61ae6866537e729046478fbea63cfc5dbde2cb2bc61c1

SHA512
e8053c7ffe4b32ca0524da34389746d6c79a193838a33477480b930d3bed6142add575429b3a2c71136884565607296ea71ded9eddb7e71b82c4c6f568bbd0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe

Filesize
468KB

MD5
d74a9635bb64aa25eeb51f362d615a6a

SHA1
b30dd0a94995ccef5867689a440722936cb69b2f

SHA256
1e47e35ccf57e23af198eef14eb24b35cce62ea6d267b7fa75fdd56f13a70c0e

SHA512
57663aac6c523999735bad25402d0817b8913900567079b6c6596ccc730643a5586b80e5d63830f8ddd04084277ed1eddf6e1cb398bb07863e13a83de513897f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe

Filesize
468KB

MD5
07a6d6e401b363253a2033b1fdf9e748

SHA1
43d16997270553a7838714123c4de1095ea715bb

SHA256
40f86771a9415c9f3c9f664429d809dfc1768ad24dc72ebf58c7fd8e6dfbc34e

SHA512
4593c55b6ec3a1facd62e4af622c7adef4d8b90f149342c916775f2c3d1926aff6ee846b0f69ff3a818889232f7495d2b62355ced72ae7a963db1368ff8fd5b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe

Filesize
468KB

MD5
e791cb791613d95d27bfda0416ba3d9f

SHA1
1ed47688bb222db31708fbb323d1322bf4fcb91f

SHA256
c21508c28a47b16e93a7d8031c3998dc409687a8d82377819b1b3b7e04374938

SHA512
de21527499e9cf1ab8bd18ed2ccc7bb07373f514ee2f0fdade17613dde59b6b0044cbf1b61115627159082e41399ba965443c6b3ee5ab490d5fd4d6bd649cf56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe

Filesize
468KB

MD5
d003f393878a43895773653f0d9ac4f9

SHA1
50822c4a97ba09c6acc87435cecbabb919167cf8

SHA256
6d19387fd3f59dbd0700822e79b5e5027eb0b0a990b26485138b2755b3cd2994

SHA512
f3afd3e466572a2cf896ce1208c7d1add50adc7676c90ffca02cb0c0075d1930a4b612ef9b3c0cb626115da07e029f148688eb9a12acefce20d9362ab2cbd772

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe

Filesize
468KB

MD5
6d81b637513805a07dcc40f4f5bb53b7

SHA1
4b13d835ba1f7ee081751b462f6a8b5b67b1d724

SHA256
8a2dbd5b2c9c0665dd9454c5621d11048838fca8d57cef43e67281bd9c1143d3

SHA512
35de97f3a4bc168e6e1e4c7234635f3b3d3a9ab539a372a2c1cc3b7284b5153ee45c73d505f3a573934c3dd76278ac111a8204d58927a3787f0a274ed4a171c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe

Filesize
468KB

MD5
75893597b8bb29fda6d2ec5b90aef34d

SHA1
9d9cb23448ddb201a97a70512b5dce83acd08981

SHA256
250dcae2f9abbe974f061e1a11f70a9e14fe81a443fc01d70a3d5b5f187e08f7

SHA512
8c8a1a883d30a72ae3ae759986e9fda8a744e11d455ca09e206890c98e9ba9b9025cfbd1d6bfa18e4b5c95509f78f3826099c96a3794d0a2fa5b13b521e2a413

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe

Filesize
468KB

MD5
d08ca46ad35147a09966eee0049f209a

SHA1
7b45b30dd6a9786d1aa1cb81cc2ecb08a32ab299

SHA256
7e2641a2691417eda886450cffccb9fda7392f63593b72f065e442e563b6ca5b

SHA512
1f1f409b06781b63b00d04a5059c9591a515325d6904f2799851fe9681efe1e6bd40386c6ddc8b3a30bcd3f7c5cf5d351d094166fae793e8bc064d2ddefc00bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6530.exe

Filesize
468KB

MD5
464ea5d12e2de60e2736ea36b72182d4

SHA1
cb1c18e023ae4c53d6e0c2bb5361cb0f37f8e620

SHA256
bfaa30f81df1ae60876b5aeadfdcbfb8b6db7e383e99bc8de936cd7a5299b053

SHA512
6efb364a8007de4b1426bc49a560458434ebf2babb7f2f214a6f0df1521c8a7de627ee5a4514584fc1c989f1c23bac07cfdee0fa4ed6af84a1c96e5ea58353dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7234.exe

Filesize
468KB

MD5
53b5a0bb25b400163acbc0c81441c008

SHA1
be296963e9ae72b44e98399044000bf01a68ce75

SHA256
36b227b890ecdcd539aa6ab845b1b311125beb8666fc1af7d6ee879334b01671

SHA512
7ca487b4e45d17139e4125f83d52cfb0864131e475ec8c3ea53e232aa524480bd0eeb1599d3bedcba7359f5bb3fdac5f2eb5b623de9131c0bad5c6b7262f104e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe

Filesize
468KB

MD5
52e7c1232b2e27194055a725cae0fe05

SHA1
58c7b1bc06d02449e5d21fabfe8d9eda3cfff0ee

SHA256
1a2ef90247775e67b5ea1b07fd613dd064dcb7fe3d691fe84e6e48e3705c58c2

SHA512
4dd17872d894f26dc7f70d91fceeea9bc007c14ca6ceb01125a23c2746faa9891e2ecff6bd96fbb17800b17a059f8fd6f8f6a45651eed295e459cd6245b2ef00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe

Filesize
468KB

MD5
0ccf8c796d0dfb7f58be21be13241402

SHA1
05eeab48d130faa24a9d963ce3ed2cd9edc2d6e1

SHA256
766f4b4946859bcc105084f0032ad179638d82a1168635ae49367a1f668cef04

SHA512
8e676d5683bbacca29008dc5958141cfecf7ffdf5fdb5a0964de9bbafff61b9f0451468cce9b2f48cf2d82ffe775a44cff7e30345c88edb2fb24adff219dc552

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe

Filesize
468KB

MD5
aa84ef070ef26a69951eb5c91563ce92

SHA1
549ed984347fbc5e18a6e0b3639b0c377a07fd07

SHA256
8cb7c39f1740816370c2bba0dd041e8ef7d1eb49072b94c45b3b807e4cd759d0

SHA512
56396814fbb03ac6148c99932006eef247b1eaed40187035b33e497a8af1ead37dd82971affa7c5614e707478aceb7112e95fa33833200282ec7fe6ed5b8125a

Download Submit
memory/372-235-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/388-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/400-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/452-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/612-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/804-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/836-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/984-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1340-127-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1420-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1588-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1716-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1808-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1820-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1916-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1992-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2140-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2168-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2188-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2316-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2336-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2348-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2384-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2552-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-91-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2596-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2632-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2668-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2676-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2688-521-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-142-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3112-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3220-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3236-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3268-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3328-520-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3360-461-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3396-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3400-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3404-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3420-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3428-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3560-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3564-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3636-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3648-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3672-288-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3680-483-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3708-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3772-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3796-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3924-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3984-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4156-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4220-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4236-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4304-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4372-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4380-486-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4412-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4520-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4536-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4544-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4592-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4612-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4620-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4644-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4672-221-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4800-189-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4828-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4860-134-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4920-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5040-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5096-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5340-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5356-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5364-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5404-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5420-548-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5432-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5448-551-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5468-552-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5480-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6132-3326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6624-3325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6764-3355-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/7508-3436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/8240-3438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13692-2427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15204-2426-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads