d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26

Analysis

max time kernel
120s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe
Size

468KB
MD5

a2739f2cf771aa77f5ca208cd8128240
SHA1

e7c3b3163c1eaf6097dd8d1001e2e362cd68675b
SHA256

d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26
SHA512

06b31a1b015412d64a7fe5528eb100fd741bcc27eda9d9d34a2a42e368e047e1be90c77ade2fc2f7d34933dacc847931c5d71c44efe361d544187a3c2fcc04d1
SSDEEP

3072:5GdoogYIId5KtbYuPztjcf8/GCtZP3kShjHeLVWdCe780vIPO8lU:5GaoRbKtZPJjcfqUBsCeoSIPO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3256	Unicorn-35735.exe
612	Unicorn-50099.exe
4508	Unicorn-42485.exe
4416	Unicorn-44007.exe
2192	Unicorn-2652.exe
4216	Unicorn-60343.exe
444	Unicorn-1120.exe
5084	Unicorn-10898.exe
1352	Unicorn-29272.exe
4824	Unicorn-6108.exe
3148	Unicorn-25974.exe
3528	Unicorn-25974.exe
4992	Unicorn-63534.exe
3140	Unicorn-43934.exe
1556	Unicorn-25817.exe
2592	Unicorn-37515.exe
2088	Unicorn-41961.exe
2356	Unicorn-29155.exe
2484	Unicorn-49383.exe
5048	Unicorn-25433.exe
784	Unicorn-45034.exe
1900	Unicorn-57551.exe
4292	Unicorn-20795.exe
3492	Unicorn-60758.exe
4460	Unicorn-24116.exe
4204	Unicorn-18748.exe
4776	Unicorn-5013.exe
4604	Unicorn-17316.exe
4236	Unicorn-23447.exe
972	Unicorn-55927.exe
3540	Unicorn-52590.exe
3596	Unicorn-17910.exe
4020	Unicorn-45521.exe
1996	Unicorn-44230.exe
4564	Unicorn-18713.exe
3964	Unicorn-18870.exe
716	Unicorn-46481.exe
100	Unicorn-51734.exe
5008	Unicorn-40721.exe
3900	Unicorn-60587.exe
1688	Unicorn-52419.exe
2760	Unicorn-51542.exe
3208	Unicorn-27915.exe
1044	Unicorn-9532.exe
1164	Unicorn-25729.exe
4296	Unicorn-25729.exe
2540	Unicorn-20129.exe
4300	Unicorn-20022.exe
3104	Unicorn-29813.exe
5068	Unicorn-12657.exe
5000	Unicorn-3992.exe
3180	Unicorn-58594.exe
4260	Unicorn-49679.exe
4140	Unicorn-862.exe
2348	Unicorn-34879.exe
4984	Unicorn-34879.exe
1620	Unicorn-26711.exe
1708	Unicorn-18543.exe
3252	Unicorn-46674.exe
4332	Unicorn-14821.exe
4288	Unicorn-34687.exe
4860	Unicorn-14821.exe
4088	Unicorn-43409.exe
1420	Unicorn-55107.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3388	2356	WerFault.exe	111
7960	5212	WerFault.exe	234
15260	12676	WerFault.exe	682

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3992.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15304	dwm.exe
Token: SeChangeNotifyPrivilege	15304	dwm.exe
Token: 33	15304	dwm.exe
Token: SeIncBasePriorityPrivilege	15304	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe
3256	Unicorn-35735.exe
612	Unicorn-50099.exe
4508	Unicorn-42485.exe
2192	Unicorn-2652.exe
4416	Unicorn-44007.exe
4216	Unicorn-60343.exe
444	Unicorn-1120.exe
5084	Unicorn-10898.exe
1352	Unicorn-29272.exe
3528	Unicorn-25974.exe
4992	Unicorn-63534.exe
3148	Unicorn-25974.exe
4824	Unicorn-6108.exe
3140	Unicorn-43934.exe
1556	Unicorn-25817.exe
2592	Unicorn-37515.exe
2088	Unicorn-41961.exe
2356	Unicorn-29155.exe
784	Unicorn-45034.exe
2484	Unicorn-49383.exe
5048	Unicorn-25433.exe
1900	Unicorn-57551.exe
3492	Unicorn-60758.exe
4460	Unicorn-24116.exe
4776	Unicorn-5013.exe
4292	Unicorn-20795.exe
4204	Unicorn-18748.exe
4236	Unicorn-23447.exe
4604	Unicorn-17316.exe
972	Unicorn-55927.exe
3540	Unicorn-52590.exe
3596	Unicorn-17910.exe
1996	Unicorn-44230.exe
4020	Unicorn-45521.exe
4564	Unicorn-18713.exe
3964	Unicorn-18870.exe
716	Unicorn-46481.exe
100	Unicorn-51734.exe
3900	Unicorn-60587.exe
2760	Unicorn-51542.exe
1688	Unicorn-52419.exe
5008	Unicorn-40721.exe
5068	Unicorn-12657.exe
2540	Unicorn-20129.exe
4296	Unicorn-25729.exe
3104	Unicorn-29813.exe
4300	Unicorn-20022.exe
3208	Unicorn-27915.exe
1164	Unicorn-25729.exe
1044	Unicorn-9532.exe
5000	Unicorn-3992.exe
4260	Unicorn-49679.exe
3180	Unicorn-58594.exe
4140	Unicorn-862.exe
2348	Unicorn-34879.exe
4984	Unicorn-34879.exe
1620	Unicorn-26711.exe
3252	Unicorn-46674.exe
1676	Unicorn-55107.exe
1420	Unicorn-55107.exe
3664	Unicorn-9917.exe
4288	Unicorn-34687.exe
4088	Unicorn-43409.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 3256	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	89
PID 2344 wrote to memory of 3256	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	89
PID 2344 wrote to memory of 3256	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	89
PID 3256 wrote to memory of 612	3256	Unicorn-35735.exe	92
PID 3256 wrote to memory of 612	3256	Unicorn-35735.exe	92
PID 3256 wrote to memory of 612	3256	Unicorn-35735.exe	92
PID 2344 wrote to memory of 4508	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	93
PID 2344 wrote to memory of 4508	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	93
PID 2344 wrote to memory of 4508	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	93
PID 612 wrote to memory of 4416	612	Unicorn-50099.exe	95
PID 612 wrote to memory of 4416	612	Unicorn-50099.exe	95
PID 612 wrote to memory of 4416	612	Unicorn-50099.exe	95
PID 3256 wrote to memory of 2192	3256	Unicorn-35735.exe	96
PID 3256 wrote to memory of 2192	3256	Unicorn-35735.exe	96
PID 3256 wrote to memory of 2192	3256	Unicorn-35735.exe	96
PID 4508 wrote to memory of 4216	4508	Unicorn-42485.exe	97
PID 4508 wrote to memory of 4216	4508	Unicorn-42485.exe	97
PID 4508 wrote to memory of 4216	4508	Unicorn-42485.exe	97
PID 2344 wrote to memory of 444	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	98
PID 2344 wrote to memory of 444	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	98
PID 2344 wrote to memory of 444	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	98
PID 2192 wrote to memory of 5084	2192	Unicorn-2652.exe	100
PID 2192 wrote to memory of 5084	2192	Unicorn-2652.exe	100
PID 2192 wrote to memory of 5084	2192	Unicorn-2652.exe	100
PID 3256 wrote to memory of 1352	3256	Unicorn-35735.exe	101
PID 3256 wrote to memory of 1352	3256	Unicorn-35735.exe	101
PID 3256 wrote to memory of 1352	3256	Unicorn-35735.exe	101
PID 4416 wrote to memory of 3528	4416	Unicorn-44007.exe	102
PID 4416 wrote to memory of 3528	4416	Unicorn-44007.exe	102
PID 4416 wrote to memory of 3528	4416	Unicorn-44007.exe	102
PID 4216 wrote to memory of 3148	4216	Unicorn-60343.exe	104
PID 4216 wrote to memory of 3148	4216	Unicorn-60343.exe	104
PID 4216 wrote to memory of 3148	4216	Unicorn-60343.exe	104
PID 4508 wrote to memory of 4824	4508	Unicorn-42485.exe	103
PID 4508 wrote to memory of 4824	4508	Unicorn-42485.exe	103
PID 4508 wrote to memory of 4824	4508	Unicorn-42485.exe	103
PID 2344 wrote to memory of 4992	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	105
PID 2344 wrote to memory of 4992	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	105
PID 2344 wrote to memory of 4992	2344	d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe	105
PID 612 wrote to memory of 3140	612	Unicorn-50099.exe	106
PID 612 wrote to memory of 3140	612	Unicorn-50099.exe	106
PID 612 wrote to memory of 3140	612	Unicorn-50099.exe	106
PID 444 wrote to memory of 1556	444	Unicorn-1120.exe	108
PID 444 wrote to memory of 1556	444	Unicorn-1120.exe	108
PID 444 wrote to memory of 1556	444	Unicorn-1120.exe	108
PID 5084 wrote to memory of 2592	5084	Unicorn-10898.exe	109
PID 5084 wrote to memory of 2592	5084	Unicorn-10898.exe	109
PID 5084 wrote to memory of 2592	5084	Unicorn-10898.exe	109
PID 2192 wrote to memory of 2088	2192	Unicorn-2652.exe	110
PID 2192 wrote to memory of 2088	2192	Unicorn-2652.exe	110
PID 2192 wrote to memory of 2088	2192	Unicorn-2652.exe	110
PID 3528 wrote to memory of 2356	3528	Unicorn-25974.exe	111
PID 3528 wrote to memory of 2356	3528	Unicorn-25974.exe	111
PID 3528 wrote to memory of 2356	3528	Unicorn-25974.exe	111
PID 1352 wrote to memory of 2484	1352	Unicorn-29272.exe	112
PID 1352 wrote to memory of 2484	1352	Unicorn-29272.exe	112
PID 1352 wrote to memory of 2484	1352	Unicorn-29272.exe	112
PID 4416 wrote to memory of 5048	4416	Unicorn-44007.exe	113
PID 4416 wrote to memory of 5048	4416	Unicorn-44007.exe	113
PID 4416 wrote to memory of 5048	4416	Unicorn-44007.exe	113
PID 3256 wrote to memory of 784	3256	Unicorn-35735.exe	114
PID 3256 wrote to memory of 784	3256	Unicorn-35735.exe	114
PID 3256 wrote to memory of 784	3256	Unicorn-35735.exe	114
PID 3148 wrote to memory of 1900	3148	Unicorn-25974.exe	115

C:\Users\Admin\AppData\Local\Temp\d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe
"C:\Users\Admin\AppData\Local\Temp\d799a83209faa3ddd1df27e0f4e56d61374fe28286139b8ab43551d8750f9c26N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 720
        7⤵
        Program crash
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6394.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
        9⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        9⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56739.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
        9⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        8⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
        8⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
        8⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        8⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        8⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7165.exe
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
        7⤵
        
        PID:17640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        8⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        8⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
        7⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13693.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        7⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        6⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        10⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        10⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
        10⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
        9⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
        8⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
        9⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52158.exe
        9⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        8⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        8⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        8⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        8⤵
        
        PID:18360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        9⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        8⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        8⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
        7⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        7⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        7⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        8⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        8⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        8⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
        7⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        6⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        7⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        7⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        6⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27702.exe
        6⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36114.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19527.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        7⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        6⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        6⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        6⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        5⤵
        
        PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
        9⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        10⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        10⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        9⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        9⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        8⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
        8⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        8⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        8⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        8⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
        7⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        8⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        8⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        7⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12676 -s 436
        8⤵
        Program crash
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
        7⤵
        
        PID:16672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        7⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63253.exe
        6⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        7⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50093.exe
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        6⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3846.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        8⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        7⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        7⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        5⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exe
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        7⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        6⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        5⤵
        
        PID:18016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        7⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        7⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        6⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        7⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        6⤵
        
        PID:416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        6⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        6⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        7⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        7⤵
        
        PID:18024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        6⤵
        
        PID:16804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        6⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        6⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        7⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
        7⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        6⤵
        
        PID:15132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
        6⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        5⤵
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28349.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        5⤵
        
        PID:18132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
      4⤵
      PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
      4⤵
      PID:17944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        10⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        10⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        10⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        9⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        9⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        9⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        9⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        9⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        9⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        9⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        8⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25257.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        9⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        9⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        9⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54098.exe
        8⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        8⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        8⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        8⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        8⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
        7⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        7⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        6⤵
        Executes dropped EXE
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        9⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        9⤵
        
        PID:18008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
        8⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48955.exe
        8⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        8⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
        7⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        7⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        9⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        9⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        9⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4262.exe
        9⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        8⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        8⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        9⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
        8⤵
        
        PID:17912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        7⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        7⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14998.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        9⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        9⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        7⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        7⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        7⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        7⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        5⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39879.exe
        8⤵
        
        PID:18228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        7⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        6⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        5⤵
        
        PID:5212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 632
        6⤵
        Program crash
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        5⤵
        
        PID:17560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        6⤵
        Executes dropped EXE
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        9⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        8⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        8⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        7⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        7⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        7⤵
        
        PID:17856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20022.exe
        6⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        8⤵
        
        PID:18220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        7⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4732.exe
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        7⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63330.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        6⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        5⤵
        
        PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        8⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
        7⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        6⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        7⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        6⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        6⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        5⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47088.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        6⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        5⤵
        
        PID:17880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        6⤵
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        6⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        6⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        5⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        5⤵
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
      4⤵
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29814.exe
      4⤵
      PID:17928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
        7⤵
        
        PID:17896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3686.exe
        6⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        6⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19003.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        7⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
        6⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63424.exe
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        5⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        8⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        8⤵
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        7⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        6⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        6⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        7⤵
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        6⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        6⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        5⤵
        
        PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        5⤵
        
        PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
      4⤵
      PID:15352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
      4⤵
      PID:16732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35782.exe
        6⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        5⤵
        
        PID:18140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        5⤵
        
        PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
      4⤵
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30544.exe
      4⤵
      PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8265.exe
      4⤵
      PID:15488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        6⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11942.exe
        6⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
        5⤵
        
        PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
      4⤵
      PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
      4⤵
      PID:12732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
      4⤵
      PID:15476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
      4⤵
      PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
        5⤵
        
        PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
      4⤵
      PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
      4⤵
      PID:15688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
    3⤵
    PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
      4⤵
      PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
    3⤵
    PID:5052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41766.exe
        9⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        8⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        8⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        7⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        7⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28474.exe
        7⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18891.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        8⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63619.exe
        8⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        7⤵
        
        PID:17952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25729.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        8⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
        7⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        7⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        6⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33972.exe
        7⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        7⤵
        
        PID:17104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        7⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65390.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        6⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        6⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        5⤵
        
        PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        6⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        9⤵
        
        PID:18244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
        8⤵
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        7⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
        7⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        7⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        6⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6461.exe
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        8⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
        8⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        8⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        7⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        7⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        6⤵
        
        PID:16476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25151.exe
        5⤵
        
        PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        5⤵
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        7⤵
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        6⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
        6⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        5⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58182.exe
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        7⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39423.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58982.exe
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        5⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        5⤵
        
        PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14621.exe
      4⤵
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
      4⤵
      PID:15340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        7⤵
        
        PID:17864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        6⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        6⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        6⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        6⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        6⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
      4⤵
      PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6778.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        7⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        7⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        6⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        5⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        5⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
        5⤵
        
        PID:18000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
      4⤵
      PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
      4⤵
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        6⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        7⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        7⤵
        
        PID:17824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        6⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25260.exe
        6⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        5⤵
        
        PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        6⤵
        
        PID:16064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        5⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
      4⤵
      PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
      4⤵
      PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
      4⤵
      PID:9752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
    3⤵
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
      4⤵
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
      4⤵
      PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
      4⤵
      PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
      4⤵
      PID:9468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
    3⤵
    PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54586.exe
      4⤵
      PID:14812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
      4⤵
      PID:9016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
    3⤵
    PID:9440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
    3⤵
    PID:13132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64467.exe
    3⤵
    PID:12060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        8⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        8⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        8⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        7⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        7⤵
        
        PID:18352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        7⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        7⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
        7⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        6⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        5⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6861.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        7⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        7⤵
        
        PID:17592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        6⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        5⤵
        
        PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
      4⤵
      Executes dropped EXE
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9781.exe
        7⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        7⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        5⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        6⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
      4⤵
      PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        5⤵
        
        PID:17844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
      4⤵
      PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
      4⤵
      PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
      4⤵
      PID:15536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        5⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        6⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        6⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        5⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        6⤵
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        5⤵
        
        PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7738.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21650.exe
        6⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61253.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
        5⤵
        
        PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        5⤵
        
        PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
      4⤵
      PID:18032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        6⤵
        
        PID:16708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        6⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        5⤵
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
      4⤵
      PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
      4⤵
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
      4⤵
      PID:12236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11277.exe
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
      4⤵
      PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
      4⤵
      PID:16656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
    3⤵
    PID:9456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
    3⤵
    PID:13088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
    3⤵
    PID:16696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53846.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5626.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
        7⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        8⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        6⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        6⤵
        
        PID:18284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21100.exe
        6⤵
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        5⤵
        
        PID:16632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63638.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        5⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        7⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        6⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
      4⤵
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        5⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        5⤵
        
        PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
      4⤵
      PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
      4⤵
      PID:10920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        6⤵
        
        PID:17544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
        5⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        6⤵
        
        PID:12464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        6⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        5⤵
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        6⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
      4⤵
      PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39879.exe
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64997.exe
      4⤵
      PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
      4⤵
      PID:15812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
      4⤵
      PID:8044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
    3⤵
    PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
      4⤵
      PID:16000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38714.exe
    3⤵
    PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39423.exe
      4⤵
      PID:11532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
      4⤵
      PID:18088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
    3⤵
    PID:15456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
    3⤵
    PID:11992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        6⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        8⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        6⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57824.exe
        5⤵
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        5⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5420.exe
      4⤵
      PID:9660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
      4⤵
      PID:13192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4380.exe
      4⤵
      PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
      4⤵
      PID:10336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
    3⤵
    PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
        5⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        5⤵
        
        PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
      4⤵
      PID:15468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
    3⤵
    PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
      4⤵
      PID:17216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8301.exe
    3⤵
    PID:10816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
    3⤵
    PID:8804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
      4⤵
      PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31447.exe
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
      4⤵
      PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
    3⤵
    PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8737.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
      4⤵
      PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
      4⤵
      PID:7236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
    3⤵
    PID:9404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
    3⤵
    PID:14212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
    3⤵
    PID:17328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
  2⤵
  PID:5828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
    3⤵
    PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
      4⤵
      PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
      4⤵
      PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
    3⤵
    PID:9964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
    3⤵
    PID:17476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37636.exe
  2⤵
  PID:8188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
    3⤵
    PID:12864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23735.exe
    3⤵
    PID:17968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
  2⤵
  PID:11080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
  2⤵
  PID:15592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2356 -ip 2356
1⤵
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5212 -ip 5212
1⤵
PID:6700

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe

Filesize
468KB

MD5
4315cba584a25b3df48ae70695730608

SHA1
4e3df1ab0fbd623be657c4da07ca034d50339689

SHA256
70c421955d1cb41c1f24a2723e8fef84d2b4d1bf832913dd5bf34325d922469c

SHA512
660670a0dff4b0cef874fdd0b9d7008dbc5c1d4a788c91466ee97bfcd523517e67dc244310b6cf01134569ba8240a7c31cf962a309dc6abc703187eb6fee233d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe

Filesize
468KB

MD5
4512bd4de2d0dc516f3e5123c1c24947

SHA1
0fdffcbbb10b2926826cdeca5eb287529198d01c

SHA256
40757efa18424bff86ea16b8c536e81b20624d7b2d18cec18d65fa9402e12063

SHA512
5143cc305ab0f0963650170ba2efeaba38d260c8ce0dc9e7076cc67187d2947b0a692eb0d4bf110ef9abef4bf3793c349bbc62a99c6544b6e5f78c2c3adc6af7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe

Filesize
468KB

MD5
2c8d6baa04f0ed5824acfd0b8d183423

SHA1
811981b72b4ad4955f8ee69ca01a6aff53fcc107

SHA256
83a2a17e7b6ebe55bc03127fc0fd430130ec9fe0d8489362dcda7d5d22707b75

SHA512
71e3e5595c1261542d797370194c896b7c8572635da0657ce4a297d532d240972d8678c225a1ee67094e8389d2275af48199cc4b01e4422f4882fd7ead26cc20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe

Filesize
468KB

MD5
e7bdbc93e3a02209ae1b22af3b27977b

SHA1
6768d85d1575d0f42429c0bf965a00b136e415f8

SHA256
22aa2fd7e2e251c9bbf6cb24fa869641c91820d8d564031ce2b4b48bae8728f3

SHA512
bcbd4e1324ae94d37820ce4fe22d2757548875c3b3c557f718bac90ec66ad39b4fbb26a6a17007d2d3ef8b5e745bee01bc4b4ac029bc795f0d451649ce2c0929

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe

Filesize
468KB

MD5
41541798e9d0e09c2585f95683cd59bb

SHA1
f10e72137cf1f82cff1bacec942b103eb069890b

SHA256
d7d6b962752e9d9d38427de4aa7dca24dda4e02b66e3bfa02ad71b92eb8fe187

SHA512
364e31ef0e9df40efffcb79abbee9550ebc58109221086a1b039cdc1a86a3027dcde70b26032cc7fce3e6dc2992ffc0fb0884e1768408f4017091cbfe9c49866

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe

Filesize
468KB

MD5
caa5c09f4629babb4dd5f68704a353b8

SHA1
8156e6a25d3d04250dbe468a2b9d32ce3d0034df

SHA256
da0490505450762c772d7bcbe38c3883d1444d75c37ecb12d1180c23214c0fdb

SHA512
ac38e73394c8fa3b2207507ce41bf1bef6969c2545482d7337641061235d5100eb6f90d96362940423d6dedd87ad8fa8a4ae9b0f1cfe598179cb6e4ef7302843

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe

Filesize
468KB

MD5
b4a66bc4becd89b7cc0f7adfb52cafe1

SHA1
775cc69cce7a1f6ec8de5d9c230faa3fcaaf42eb

SHA256
59aa071782d982f5e9eb516aee15fe52fa49f074560c7426b1aad1b21cd1fffa

SHA512
52519ccb50bbfaef0f69b589d4fd65f5df7a6434c33c946cbcc43b084a553dcb30c967f79a2fa46ee9df8b1180d5803ae6c060d8944d49b200ca6cc00e51c9bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe

Filesize
468KB

MD5
6d7ca69a0c1ef271fffc777d23fd06e1

SHA1
e23228e0a3dae696a07bb024d536e36a2f5a3606

SHA256
61f8ef1f20afd74d39b111d1aa29b56d5d2a9cb887586eb47b252c5ffbe13ff8

SHA512
45621a3000752cad1f81cc48fa2dd4c44394d6dd46435970a5721abbc351014040882db9408869a49b9d9d8f48122864da161c1e05082c27957b9ea950a44700

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe

Filesize
468KB

MD5
caa10d8897189075e653786212257ca9

SHA1
bf7b1a054c17e6ad40741ef02c8b948d3edd7110

SHA256
a75fd72e60e92d52d6ad2e5601e52f86da57421ceb6bb669e74ccf8c2af4294d

SHA512
abbc8d3b9b877fe3703b6e807308b6ea38381938bbbe0719e443ab27def794bff362f22252995f72358678bc3a10c436c22790753dccfbe84e4abc65ea670ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe

Filesize
468KB

MD5
e224dfc7a92d5b455129bc4d052dfe8d

SHA1
b0a11594301e95a08addb02b03dfcbe730153f28

SHA256
a80ed800df3cc0fd22e9a3943244cdb07319f917dfc7e7f194bdf859e86dfa61

SHA512
fa5f27291c10f60a2a445274aa4a52e6fc94daf8028d616ce801c08cbc11b5aeacd0db0feec26130346ddc005b4b6ee3a3e5465fa80df3dab6ce2a58ef8fc0d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe

Filesize
468KB

MD5
9c87462e0ddd608f4159f1b0c3c9e763

SHA1
6c69e48f1fe04813dfaa6caaaa1bb60693bcc53e

SHA256
2c4b5e12e479c69e01a96da17b59b8bc7a24823f8ac4454d12614f90c765e58a

SHA512
68677c65e0fdb6248f867b40373da3604dd72f008ac7b5220875981408d2b1f8044cefc48bb1fc67ea0807d849c2fc0a60a9553fb44d4dba72cc563bc5b96b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe

Filesize
468KB

MD5
144632b88fa808206c3a8836dcd2cc29

SHA1
1a8b79593d21d6adf52c00b846270b749138902c

SHA256
4dad7075d066e17cad32f0a6b928e0a5f97a3f8a65b065c722d8d971b86fe56b

SHA512
f41fdb61bddfa4f01b028bc4efd323872695304191d212d0621baaafe4c7b134e4ccfab283c825002e8c0aa4017044f34985f9bd28ab64cf40f06bca3c8aa09e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe

Filesize
468KB

MD5
148799397273ed308c7b263a649b8aef

SHA1
d5ce0d28c0bed185a34148582e81c13b62348800

SHA256
a919656dfebe2c69c3f8940fd4c4be07944270650fc1220c5d185e707a658e9f

SHA512
e4e35aa98d762a3cc7bc4fa45036afade417f7a87d47e957e910ccdf3e986647da608fbf9a95e2f68a9d9317bbd4dbfb27ea714c61a01c485adae51dbbfcac07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe

Filesize
468KB

MD5
8ca8acec6dff6693d3c0678ee861fa9a

SHA1
961a22a216df496db30e2b34bbe075622ae7d5d0

SHA256
3cd8ca40c255e5f937e8828b8fa87a1c70f76f6595c5788e8d548fd47ccc77e4

SHA512
ad7c90ce5f18f2d8955ead067bc74bd02a8e6c1dddfddf80da4307b66764b072d138e9abab3cac6191e1a8e88c36968e02cb9adeb1226169f6cb8903368f7392

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe

Filesize
468KB

MD5
a0b44bbf7588ef97f88754cda335762d

SHA1
b4a26447c6117bb0bba2e7b26307c0fc35003e7b

SHA256
f368d4f8fcd22ddc8788e9c2137d44d60d71cf6e8ae62f65586ec6bd15226f53

SHA512
9d511c2229ea45851e19cf69b380493b6e52a40f2075a38d6e763be7b8f69146bbccea4ea7d08ec2f7fa551be8ac88c7f21c371c79014e9ab10c6a35636c4dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe

Filesize
468KB

MD5
ccbc693f5d50af7195b4e9824ae4f79a

SHA1
920e32a2cd3f549781c831b173bf88e2dbc6be36

SHA256
b109862032b8e3a6f2c4993f7a2bf569729c862ff7b8eee1c1688ec3c7a66340

SHA512
9bb6a507e9202b449d9ca0125421bc8528dbe7a6dc3a952fbd5761cb05a2c341c6f1e91c6bede5309409100eaf17cc128d048fbb2338f335f69cb72d809c6142

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe

Filesize
468KB

MD5
9b354039342a417f24feea249025c6c5

SHA1
7fd023aa51f3bc562563e4a3bba8f0106a28a4e8

SHA256
b55ff8ba690580ebc6d5935ddeeb85b05e5e30ecca464b515119aed3bb4eb396

SHA512
2a8727f20e36cd4a3939aca43941b96d8c4ea17fda2949dd10ca8b447c8d3aacebd85c0474a233c833a321af3c60ed330b052aa53e2c721bb74432bd5c2a6a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe

Filesize
468KB

MD5
4a305514017357aa17d184a20ce08612

SHA1
bb97bcad3d1b04fac3c1c6a6fe42504c38588de3

SHA256
6a9d55606504f5b110981bfd81e886d48a085a4c444be3cab2c5a95e54d1dfd8

SHA512
0010112ea9ca5d5559e8f94296253df74ff2955955f88b8fc1b9f079ed5fff365500d66f08aff72f4a2f99a76f4ae120a46fa812331615271c9dcd779075a96a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe

Filesize
468KB

MD5
802f3085443dc2710a83e3fa3c5dc3bd

SHA1
9cd1f4f90467935cc3f80971823bc5e700062c3c

SHA256
6de0da9fe29856900cb6c66cde83926f9cc0856ff20e601cdffd108b4a88b6ef

SHA512
bcbab208c83d9597f243d94a28f66a9f22df2e75c590120e05aca2ed10c09b30ff168da41e1f822dbef2160281fee7feddacd0c961caaecc1fb42cb451a37d04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe

Filesize
468KB

MD5
598fc64eeae1ad3166fa7c46e99501ae

SHA1
38a0bb9a6112648b727209f46edd7f629b1e944b

SHA256
deb3e0ade2c27d5cbb8615c25d39c52b18abfccfe9a5d6abca3041281596a904

SHA512
a6566edebda1c2876ea95736986ac923ded58ff8aa2064cb38560031d16e30b5235c2d9eaf11a8e9fe6c51cc370a10a3a45389845b7676bdc191c626bcef57d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe

Filesize
468KB

MD5
22ba4e30b5dc84174f6e70261cf01d30

SHA1
ba337030374e0fa81ed46bfb451576d39e0f10ee

SHA256
fca922cd0e3af70592782c7636baa352ee3d15810b63ebef034ad8da3d59fcfb

SHA512
cd397018f13dec18c3da88b3402b97f0d94ab8f669aa1c7c51a8c5da93b082c7970b44e04127ade5ee87c47ba56d2611a6337178bec4b9064807f28da436c5ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe

Filesize
468KB

MD5
f50da9bfea846c9513f11d7a3db576e5

SHA1
4384d06a7b26cfc2befad5d4c5590beae7aa5b86

SHA256
b3d4b70b01007aa9610ba76dd0a2456246ad6069b089b71529ed925943600a33

SHA512
9dc828222f2300191fccc55c7e28a4a092ca2efbfe56a3ebd7840850cb8fceeb7274890ad961ce0a495ec3a693fae6021bcf6c6450756bcbabca48c01d45f6b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe

Filesize
468KB

MD5
389356dd02582d90c16b202c01653052

SHA1
9bd8dc812481e539838ca269ebdaf604646ea0f0

SHA256
e4a62a0ebfd4a3d393efc544d063dec7074c4d04eac27f0c0e5da445256eb690

SHA512
d7ece6fb54f061e42690476098d3884510997bcf7dcc62eb06cec1e50cafd7511a5089084aa22c923011889cdcbf78661b37b30fad5a944e9166594155c8fa0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe

Filesize
468KB

MD5
0eea07acf46819d04a78a7ac5cd393b0

SHA1
0422f8f999f3bb4008e8c03eb34eb6c4702f686c

SHA256
ca385f45c02fe20a3657a9ca6719cc0d069b00a924ad5053996b0e92fd092e9c

SHA512
f3b4429c61fd5343766869dd939e3eab4e1907695a77d9fd08fe587363c92cccbb060bf48b90a7936fbb6bae16ade6b26f09f250c0c4f9f845e281b2fe5ec1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe

Filesize
468KB

MD5
3e1006a95c66e1b8d23e04e52b0a54c8

SHA1
361320fb34fb0c0d9fab88578cc6dd88aa66d950

SHA256
436b3d275fbf2f4ef4870f5e744b2a8c8b97dbe9e3a7f01d64a0b48bc38b4b76

SHA512
aeb9fc704a40756da5a95b31b3bc8739f91a426f0907b468b099e52554677a40bea590c8694d092bf482246a76c95eda2cbd627877c78cc6f53359250091ea5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe

Filesize
468KB

MD5
0963b9cc50941e993e9cc95a3a3e0601

SHA1
06b0ac37e369fad2d5c5f56b554e560efab3656d

SHA256
1d1b8eb1f9b77bdfc9727287e3d6609528e48f102c08b0fcaf598f27d84f5eb9

SHA512
020fd6676882098de317e10dcc0a5bcfbb0fe67f39a1ded5b7d707704ae89217f1a631875bd73777c788aa19285efe3a1f5e565f794ce3ac16505642fe6498e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe

Filesize
468KB

MD5
c411c849977275d9f6f471833e2081eb

SHA1
82ec928dcb1c95e80bf98293c93d2340917b71ff

SHA256
fdc15bfb4ed8a819f9653e6fafd999dab4e836d8a609283f3c5cdad63d4d0e5e

SHA512
d195e5dc542da97be34eb04390cb19120fed5e9266a8551411c8c600fa7b29f01b8ed1af5ac98dddd8966c949da47a44d57d3b2dc6d8e664f1eda4d45464d22e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe

Filesize
468KB

MD5
0b4d5e4efe5bed6a4d15e5e41a46d85e

SHA1
bbec6a822f7b9722e0e62864348a08d552bf4d80

SHA256
862574175b5b42b5d7f377d01a63cce8227bc1c3b79df52f4c85888a85caaf92

SHA512
86301cc23e4bfe4b4c028ade866659e8cb0d9c27a1ba4f658ea6a52d039013224566e7f182afa710885b9fa8340544906e6168caf333451e49cd9695f2b1759c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe

Filesize
468KB

MD5
3aed005369afb55819dda07d03d4aa4c

SHA1
ff268e18640717cce6c31dc7cfb9c4cf2d5780e2

SHA256
41270095a1f2d821068a9086e8eb627d80aec4a79b122735c166aa6b029296c6

SHA512
cf32390dbec91b64c35d6da15f1c95f70ef665c2bc7ca33957e2acb363a8e38913f44b15ca29816585c6aa95be16613cc65b782a0cc0b1dc063aeec01547dade

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe

Filesize
468KB

MD5
301f77745f31800e79d961564eabf614

SHA1
acf0947e884161036224787ffa39a918c03f337d

SHA256
4f9f3a337e8b6fb5e1c94a68095b803258ef89f8c311dd2ec11ee19c97fb0789

SHA512
3be4bcea440c71e969d7e2a194b228b0cc9736096b5b265af47faad7df0e10fed38be80962bd697c1ec46958eaefad437df3cd55af6bc5a5f8bb486d6222db8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe

Filesize
468KB

MD5
277cc2fa67365e651522d33ab1721075

SHA1
3eb1a792a3288869467b9927f69848abf7515d99

SHA256
3fb0cad8422bf66311220217906a23945ddfa728b1a8a2f65e302614d1558796

SHA512
3990877ba15fb70b3ed075a22cc4bd434a5df4c78f1755065dd04b214b0333bb9cbaf4e8aca90123fd27a332da694a710374260dcb61327634ceb082316834f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe

Filesize
468KB

MD5
23a3d11bb85ad45582d43ab634b2c016

SHA1
b5379a77c810ca6d0af7e95f8edfed0a8cf5c0cf

SHA256
350c7f17f633832a9f2d229c46863d6e3fdca8e2e4666c7738fcf2b7b34ccf58

SHA512
558036f3e3abe1384a1e14b3c0c9b4b93a353876eb0e4ee6c96dada5c6a69465c1aa6e53361d9be960d3b2d933462fd4a00d8c263d46162c1a8cee2711925c40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe

Filesize
468KB

MD5
b2590550d33d3a09cbd8b34f459a1f75

SHA1
976c34f052f2f541d915fe62ae4542b94c1523cf

SHA256
15902862d1f4112baa001ddfdf9633c6ec4f78c366cef95868d722f2a536ea53

SHA512
147ffdee102ed66409dcc96a8ab161b155422c2c548857d58dbc11a8314a0e7b3998f772896544722529c2aaf0be09309f4a58ff091ef43aee85cf7631aa341e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe

Filesize
468KB

MD5
a06490c7ea82f527a8ebd8590b096a42

SHA1
a03136bf44265fafc7dd3b1cefe62db9847b660e

SHA256
261bd95285130c1d0c2d1c2b3f3fde89254179cda281000984da58a397ad52a1

SHA512
5c5bf9acac5f6b9ed908d0fa914c592340c0d130f1348ccfb03d2433f910297f9cb4af4b8d98940dc3d7088d2f2c24d443923324aaeda111f731f0886cf41e7b

Download Submit
memory/100-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/396-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/444-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/612-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/716-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/784-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/972-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1044-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1068-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1164-298-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1352-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1620-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1676-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1900-150-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1996-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2088-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2344-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2348-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2356-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2356-132-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2484-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2540-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2592-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3104-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3140-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3148-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3180-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3208-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3252-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3256-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3492-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3528-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-218-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3596-230-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3664-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3900-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3964-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4020-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4088-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4140-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4204-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4216-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4236-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4260-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4288-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4292-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4300-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4332-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4416-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4460-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4508-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4564-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4604-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4708-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4824-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4836-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4968-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4984-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4992-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5000-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5048-140-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5068-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5084-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5152-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5160-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-436-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5248-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5276-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5328-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5348-466-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5400-467-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5428-469-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5480-468-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5492-508-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5512-501-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5548-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5584-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5628-509-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5636-510-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5684-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5724-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5752-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5768-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5812-515-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5820-516-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5828-517-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5856-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5888-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5904-522-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/8044-3390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/8064-3492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/9752-3561-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/10336-3711-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17008-3622-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17300-3354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/17368-3349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads