7e3337f771c909254b18eee376404548dcd1cac0e98eed657dd2a7ae8fbf539b

Analysis

max time kernel
115s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d42216248d66d3d8bda363645b5e8450N.exe
Size

468KB
MD5

d42216248d66d3d8bda363645b5e8450
SHA1

1a22a973b2a9380495368ba0d115234ef3d6023b
SHA256

7e3337f771c909254b18eee376404548dcd1cac0e98eed657dd2a7ae8fbf539b
SHA512

1a89a51a959c4fb4ae4c2b8ae55e3dfb5a9bf3110fe85ac18cfbf60b4dfbf70a9274dc52ab880692b70d8de43c0c996793bfff447d86206433fc813cf49ab33b
SSDEEP

3072:1U0KodIKq85UDbYwH5c7cf8/XCusq0pBnLHewmZP/PV+lSRs6zlh:1U5oiUUDfHS7cfkYUF/Pc8Rs6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3360	Unicorn-63676.exe
2656	Unicorn-40215.exe
1040	Unicorn-58175.exe
1680	Unicorn-56115.exe
4524	Unicorn-49571.exe
2668	Unicorn-10998.exe
364	Unicorn-42694.exe
512	Unicorn-630.exe
1456	Unicorn-18590.exe
4836	Unicorn-38456.exe
1612	Unicorn-20073.exe
2120	Unicorn-438.exe
3892	Unicorn-61626.exe
3488	Unicorn-46110.exe
644	Unicorn-61891.exe
5028	Unicorn-53287.exe
4296	Unicorn-16893.exe
2964	Unicorn-7978.exe
2636	Unicorn-365.exe
3412	Unicorn-8663.exe
2112	Unicorn-3510.exe
4428	Unicorn-64963.exe
3928	Unicorn-62917.exe
4548	Unicorn-54610.exe
948	Unicorn-63292.exe
2556	Unicorn-63027.exe
4308	Unicorn-57162.exe
3484	Unicorn-61461.exe
980	Unicorn-46442.exe
4928	Unicorn-19676.exe
4764	Unicorn-64278.exe
1112	Unicorn-31544.exe
2172	Unicorn-24344.exe
724	Unicorn-38643.exe
1652	Unicorn-31029.exe
3768	Unicorn-50895.exe
3276	Unicorn-11953.exe
672	Unicorn-21604.exe
4988	Unicorn-44626.exe
2168	Unicorn-23075.exe
1144	Unicorn-32866.exe
1104	Unicorn-32587.exe
4596	Unicorn-32587.exe
4972	Unicorn-24973.exe
2608	Unicorn-20335.exe
4092	Unicorn-33141.exe
4412	Unicorn-11974.exe
2324	Unicorn-11709.exe
4812	Unicorn-28311.exe
4816	Unicorn-32949.exe
2992	Unicorn-52815.exe
3896	Unicorn-33007.exe
3252	Unicorn-33272.exe
5092	Unicorn-14889.exe
2704	Unicorn-21988.exe
4488	Unicorn-60022.exe
4392	Unicorn-19951.exe
3908	Unicorn-35524.exe
2916	Unicorn-21788.exe
4964	Unicorn-1175.exe
1156	Unicorn-25357.exe
4284	Unicorn-35008.exe
4052	Unicorn-22940.exe
3416	Unicorn-35746.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
12904	6584	WerFault.exe	249
3980	6584	WerFault.exe	249
18052	16108	WerFault.exe	777

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18236.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15368	dwm.exe
Token: SeChangeNotifyPrivilege	15368	dwm.exe
Token: 33	15368	dwm.exe
Token: SeIncBasePriorityPrivilege	15368	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4592	d42216248d66d3d8bda363645b5e8450N.exe
3360	Unicorn-63676.exe
2656	Unicorn-40215.exe
1040	Unicorn-58175.exe
1680	Unicorn-56115.exe
4524	Unicorn-49571.exe
364	Unicorn-42694.exe
2668	Unicorn-10998.exe
512	Unicorn-630.exe
4836	Unicorn-38456.exe
1456	Unicorn-18590.exe
2120	Unicorn-438.exe
3488	Unicorn-46110.exe
644	Unicorn-61891.exe
3892	Unicorn-61626.exe
1612	Unicorn-20073.exe
5028	Unicorn-53287.exe
4296	Unicorn-16893.exe
2964	Unicorn-7978.exe
2636	Unicorn-365.exe
4428	Unicorn-64963.exe
3412	Unicorn-8663.exe
2112	Unicorn-3510.exe
3928	Unicorn-62917.exe
948	Unicorn-63292.exe
4548	Unicorn-54610.exe
2556	Unicorn-63027.exe
4308	Unicorn-57162.exe
980	Unicorn-46442.exe
3484	Unicorn-61461.exe
4928	Unicorn-19676.exe
4764	Unicorn-64278.exe
1112	Unicorn-31544.exe
2172	Unicorn-24344.exe
724	Unicorn-38643.exe
1652	Unicorn-31029.exe
3768	Unicorn-50895.exe
672	Unicorn-21604.exe
4988	Unicorn-44626.exe
3276	Unicorn-11953.exe
2168	Unicorn-23075.exe
1144	Unicorn-32866.exe
4596	Unicorn-32587.exe
1104	Unicorn-32587.exe
4972	Unicorn-24973.exe
2608	Unicorn-20335.exe
4092	Unicorn-33141.exe
4412	Unicorn-11974.exe
2324	Unicorn-11709.exe
4812	Unicorn-28311.exe
4816	Unicorn-32949.exe
3252	Unicorn-33272.exe
2992	Unicorn-52815.exe
3896	Unicorn-33007.exe
2704	Unicorn-21988.exe
3908	Unicorn-35524.exe
5092	Unicorn-14889.exe
4488	Unicorn-60022.exe
4392	Unicorn-19951.exe
2916	Unicorn-21788.exe
4284	Unicorn-35008.exe
1156	Unicorn-25357.exe
4964	Unicorn-1175.exe
4052	Unicorn-22940.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 3360	4592	d42216248d66d3d8bda363645b5e8450N.exe	90
PID 4592 wrote to memory of 3360	4592	d42216248d66d3d8bda363645b5e8450N.exe	90
PID 4592 wrote to memory of 3360	4592	d42216248d66d3d8bda363645b5e8450N.exe	90
PID 3360 wrote to memory of 2656	3360	Unicorn-63676.exe	93
PID 3360 wrote to memory of 2656	3360	Unicorn-63676.exe	93
PID 3360 wrote to memory of 2656	3360	Unicorn-63676.exe	93
PID 4592 wrote to memory of 1040	4592	d42216248d66d3d8bda363645b5e8450N.exe	94
PID 4592 wrote to memory of 1040	4592	d42216248d66d3d8bda363645b5e8450N.exe	94
PID 4592 wrote to memory of 1040	4592	d42216248d66d3d8bda363645b5e8450N.exe	94
PID 2656 wrote to memory of 1680	2656	Unicorn-40215.exe	97
PID 2656 wrote to memory of 1680	2656	Unicorn-40215.exe	97
PID 2656 wrote to memory of 1680	2656	Unicorn-40215.exe	97
PID 3360 wrote to memory of 4524	3360	Unicorn-63676.exe	98
PID 3360 wrote to memory of 4524	3360	Unicorn-63676.exe	98
PID 3360 wrote to memory of 4524	3360	Unicorn-63676.exe	98
PID 1040 wrote to memory of 2668	1040	Unicorn-58175.exe	99
PID 1040 wrote to memory of 2668	1040	Unicorn-58175.exe	99
PID 1040 wrote to memory of 2668	1040	Unicorn-58175.exe	99
PID 4592 wrote to memory of 364	4592	d42216248d66d3d8bda363645b5e8450N.exe	100
PID 4592 wrote to memory of 364	4592	d42216248d66d3d8bda363645b5e8450N.exe	100
PID 4592 wrote to memory of 364	4592	d42216248d66d3d8bda363645b5e8450N.exe	100
PID 1680 wrote to memory of 512	1680	Unicorn-56115.exe	101
PID 1680 wrote to memory of 512	1680	Unicorn-56115.exe	101
PID 1680 wrote to memory of 512	1680	Unicorn-56115.exe	101
PID 2656 wrote to memory of 1456	2656	Unicorn-40215.exe	102
PID 2656 wrote to memory of 1456	2656	Unicorn-40215.exe	102
PID 2656 wrote to memory of 1456	2656	Unicorn-40215.exe	102
PID 4524 wrote to memory of 4836	4524	Unicorn-49571.exe	103
PID 4524 wrote to memory of 4836	4524	Unicorn-49571.exe	103
PID 4524 wrote to memory of 4836	4524	Unicorn-49571.exe	103
PID 3360 wrote to memory of 1612	3360	Unicorn-63676.exe	104
PID 3360 wrote to memory of 1612	3360	Unicorn-63676.exe	104
PID 3360 wrote to memory of 1612	3360	Unicorn-63676.exe	104
PID 364 wrote to memory of 2120	364	Unicorn-42694.exe	106
PID 364 wrote to memory of 2120	364	Unicorn-42694.exe	106
PID 364 wrote to memory of 2120	364	Unicorn-42694.exe	106
PID 4592 wrote to memory of 3892	4592	d42216248d66d3d8bda363645b5e8450N.exe	105
PID 4592 wrote to memory of 3892	4592	d42216248d66d3d8bda363645b5e8450N.exe	105
PID 4592 wrote to memory of 3892	4592	d42216248d66d3d8bda363645b5e8450N.exe	105
PID 1040 wrote to memory of 3488	1040	Unicorn-58175.exe	108
PID 1040 wrote to memory of 3488	1040	Unicorn-58175.exe	108
PID 1040 wrote to memory of 3488	1040	Unicorn-58175.exe	108
PID 2668 wrote to memory of 644	2668	Unicorn-10998.exe	107
PID 2668 wrote to memory of 644	2668	Unicorn-10998.exe	107
PID 2668 wrote to memory of 644	2668	Unicorn-10998.exe	107
PID 512 wrote to memory of 5028	512	Unicorn-630.exe	109
PID 512 wrote to memory of 5028	512	Unicorn-630.exe	109
PID 512 wrote to memory of 5028	512	Unicorn-630.exe	109
PID 1680 wrote to memory of 4296	1680	Unicorn-56115.exe	110
PID 1680 wrote to memory of 4296	1680	Unicorn-56115.exe	110
PID 1680 wrote to memory of 4296	1680	Unicorn-56115.exe	110
PID 4836 wrote to memory of 2964	4836	Unicorn-38456.exe	111
PID 4836 wrote to memory of 2964	4836	Unicorn-38456.exe	111
PID 4836 wrote to memory of 2964	4836	Unicorn-38456.exe	111
PID 4524 wrote to memory of 2636	4524	Unicorn-49571.exe	112
PID 4524 wrote to memory of 2636	4524	Unicorn-49571.exe	112
PID 4524 wrote to memory of 2636	4524	Unicorn-49571.exe	112
PID 3488 wrote to memory of 3412	3488	Unicorn-46110.exe	113
PID 3488 wrote to memory of 3412	3488	Unicorn-46110.exe	113
PID 3488 wrote to memory of 3412	3488	Unicorn-46110.exe	113
PID 1456 wrote to memory of 2112	1456	Unicorn-18590.exe	115
PID 1456 wrote to memory of 2112	1456	Unicorn-18590.exe	115
PID 1456 wrote to memory of 2112	1456	Unicorn-18590.exe	115
PID 2120 wrote to memory of 4428	2120	Unicorn-438.exe	116

C:\Users\Admin\AppData\Local\Temp\d42216248d66d3d8bda363645b5e8450N.exe
"C:\Users\Admin\AppData\Local\Temp\d42216248d66d3d8bda363645b5e8450N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        10⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        11⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        11⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2797.exe
        10⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        10⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
        9⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        9⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        9⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        9⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        8⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        9⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        9⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        8⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        8⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25357.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        9⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        9⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        9⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4370.exe
        9⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
        8⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        8⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        8⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        9⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        9⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
        8⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        7⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        9⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        9⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        9⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        9⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
        8⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
        8⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        8⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        8⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        8⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4338.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        7⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        7⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        7⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        8⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        8⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44545.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        7⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        7⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        7⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        7⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        6⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        9⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        9⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        9⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        9⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15277.exe
        8⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
        8⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        8⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
        8⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        7⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        7⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        6⤵
        Executes dropped EXE
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        7⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        6⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        7⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        7⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        6⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        7⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64291.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        6⤵
        
        PID:16556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        6⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
        6⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        8⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        7⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        7⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        7⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        7⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36576.exe
        6⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25306.exe
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        7⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11444.exe
        6⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        6⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        5⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        5⤵
        
        PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24284.exe
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        8⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
        9⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        9⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39377.exe
        9⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        8⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        8⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        7⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        7⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        7⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        6⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        8⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        7⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
        7⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
        7⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
        7⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        6⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13732.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        5⤵
        
        PID:16096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
        8⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        8⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        7⤵
        
        PID:17368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        7⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
        7⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        6⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        6⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        7⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        6⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33742.exe
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        5⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
        5⤵
        
        PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54095.exe
        7⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        7⤵
        
        PID:17528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        6⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        6⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        6⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        5⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
      4⤵
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        6⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        6⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
      4⤵
      PID:11460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
      4⤵
      PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
      4⤵
      PID:7740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        9⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        9⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        9⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        9⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        8⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        8⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
        8⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        7⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3586.exe
        8⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        8⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        8⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        8⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        7⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
        6⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        6⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        8⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        8⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        8⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40471.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        8⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        7⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        7⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        7⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        6⤵
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        6⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27416.exe
        5⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        7⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
        7⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        6⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        6⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        5⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64474.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25763.exe
        6⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14094.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        8⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        8⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        7⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
        6⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-379.exe
        7⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        7⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9865.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
        5⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        7⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        6⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        7⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        7⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        6⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        6⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46169.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        6⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60105.exe
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        5⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1266.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        7⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        7⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        7⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        7⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23054.exe
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
      4⤵
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        6⤵
        
        PID:8876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 636
        6⤵
        Program crash
        
        PID:12904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 636
        6⤵
        Program crash
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        5⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        5⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        5⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        5⤵
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8541.exe
      4⤵
      PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
      4⤵
      PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
      4⤵
      PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
      4⤵
      PID:8168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        5⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        7⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        7⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe
        7⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
        6⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        6⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        5⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        6⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        6⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        5⤵
        
        PID:16548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47992.exe
        6⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        6⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        5⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        5⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
      4⤵
      PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        5⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        5⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
      4⤵
      PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
      4⤵
      PID:6852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        7⤵
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        6⤵
        
        PID:17512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        6⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        6⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        5⤵
        
        PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        5⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        5⤵
        
        PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        5⤵
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48313.exe
        5⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
        5⤵
        
        PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
      4⤵
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
      4⤵
      PID:13428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
      4⤵
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8251.exe
        5⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        6⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
      4⤵
      PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
      4⤵
      PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
      4⤵
      PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      4⤵
      PID:7080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
    3⤵
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
      4⤵
      PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
      4⤵
      PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
      4⤵
      PID:8680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
    3⤵
    PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
      4⤵
      PID:15468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
    3⤵
    PID:11452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
    3⤵
    PID:15256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13051.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
        8⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        8⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        8⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        7⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        6⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        7⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        6⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
        6⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        8⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        7⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        6⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62071.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        6⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        6⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19933.exe
        5⤵
        
        PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23467.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        8⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        8⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        8⤵
        
        PID:17572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        7⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
        7⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        7⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        7⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        6⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        6⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7358.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        6⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        7⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        6⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        6⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        6⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        6⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40269.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45242.exe
        6⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        5⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22471.exe
        6⤵
        
        PID:228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        6⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        6⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8661.exe
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42735.exe
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        5⤵
        
        PID:380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
      4⤵
      PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
      4⤵
      PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50983.exe
      4⤵
      PID:15288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
      4⤵
      PID:6424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8663.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29314.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
        8⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        8⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        7⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        7⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        7⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        7⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        6⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        7⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29290.exe
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        6⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        6⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        6⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        5⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        5⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        7⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        6⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
        6⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
        6⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51018.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
        6⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        5⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        5⤵
        
        PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43901.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
      4⤵
      PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40604.exe
      4⤵
      PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
      4⤵
      PID:17792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        7⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        7⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        6⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
        6⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60549.exe
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        5⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3541.exe
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        6⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        5⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
        5⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        5⤵
        
        PID:17804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47238.exe
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        5⤵
        
        PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
      4⤵
      PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
      4⤵
      PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
      4⤵
      PID:17784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11709.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
        6⤵
        
        PID:13812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        6⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        5⤵
        
        PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        5⤵
        
        PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28349.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe
        5⤵
        
        PID:14692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
      4⤵
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37167.exe
      4⤵
      PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
      4⤵
      PID:17012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
      4⤵
      PID:16664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
    3⤵
    PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13783.exe
      4⤵
      PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
      4⤵
      PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
      4⤵
      PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
      4⤵
      PID:3504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
    3⤵
    PID:7956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
    3⤵
    PID:9268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
    3⤵
    PID:13640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
    3⤵
    PID:17828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
        8⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9828.exe
        8⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        8⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        7⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        7⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        7⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        7⤵
        
        PID:16108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16108 -s 436
        8⤵
        Program crash
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        7⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37597.exe
        7⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        7⤵
        
        PID:17868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        6⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
        6⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        5⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        5⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        5⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
        5⤵
        
        PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        7⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        7⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        7⤵
        
        PID:18104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        6⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        6⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        6⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        6⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56287.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
        5⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
        5⤵
        
        PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34413.exe
        6⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        5⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        5⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
        5⤵
        
        PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
        5⤵
        
        PID:14848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
      4⤵
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
      4⤵
      PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
      4⤵
      PID:16768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
      4⤵
      PID:7444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62968.exe
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        7⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        7⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        6⤵
        
        PID:16992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        6⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        6⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        5⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        5⤵
        
        PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        5⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        5⤵
        
        PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
      4⤵
      PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
      4⤵
      PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
      4⤵
      PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
      4⤵
      PID:8836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
        6⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        6⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        5⤵
        
        PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
      4⤵
      PID:8024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
      4⤵
      PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
      4⤵
      PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
      4⤵
      PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
      4⤵
      PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
      4⤵
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
    3⤵
    PID:7640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
    3⤵
    PID:11268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
    3⤵
    PID:15276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
    3⤵
    PID:8856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        7⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        7⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        5⤵
        
        PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        5⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        5⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        5⤵
        
        PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43245.exe
      4⤵
      PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56030.exe
      4⤵
      PID:14892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46435.exe
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        6⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31732.exe
        5⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        5⤵
        
        PID:17488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57601.exe
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3895.exe
      4⤵
      PID:5148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
    3⤵
    PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        5⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        5⤵
        
        PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
      4⤵
      PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
      4⤵
      PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
    3⤵
    PID:8012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
    3⤵
    PID:9500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
    3⤵
    PID:13724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
    3⤵
    PID:1608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        6⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38800.exe
        6⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        5⤵
        
        PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
        5⤵
        
        PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
      4⤵
      PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
      4⤵
      PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49462.exe
      4⤵
      PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
      4⤵
      PID:7664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
      4⤵
      PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19133.exe
      4⤵
      PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
      4⤵
      PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
      4⤵
      PID:8672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
    3⤵
    PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
      4⤵
      PID:17264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
    3⤵
    PID:11384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
    3⤵
    PID:16156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
    3⤵
    PID:18324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
    3⤵
    PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29103.exe
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64842.exe
        5⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        5⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        5⤵
        
        PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
      4⤵
      PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        5⤵
        
        PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
      4⤵
      PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
      4⤵
      PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
      4⤵
      PID:17432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
      4⤵
      PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
      4⤵
      PID:4932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
    3⤵
    PID:9648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
    3⤵
    PID:12912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
    3⤵
    PID:15156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
    3⤵
    PID:9036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
  2⤵
  PID:440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
      4⤵
      PID:10712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
      4⤵
      PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
    3⤵
    PID:9828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
    3⤵
    PID:11072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
    3⤵
    PID:15532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
    3⤵
    PID:6952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
  2⤵
  PID:7460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
  2⤵
  PID:9568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
    3⤵
    PID:14460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30766.exe
    3⤵
    PID:3136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
  2⤵
  PID:13728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
  2⤵
  PID:1968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
  2⤵
  PID:16696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6584 -ip 6584
1⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6584 -ip 6584
1⤵
PID:15004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7380 -ip 7380
1⤵
PID:17668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 16108 -ip 16108
1⤵
PID:17860

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe

Filesize
468KB

MD5
c9b2e5a99a1f30bfe2afb0cc376f0c3e

SHA1
1ce5341b9f335f91abded9e73dde44b7d51eefb2

SHA256
5f639027392d839197078e60103f92b1504fa308bdfcdf1904e73f59fa8a4643

SHA512
4732673d7f1ebac6d6557124045e1f8a3cc1a75a39090cbcad7c375b582f9d717d0f5753901042ff1a95a31a5915b599fad9c369a0439c054d62d71dd23efb2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe

Filesize
468KB

MD5
87542ba09742c2928ff250a06fce1f23

SHA1
0f1505dd0aac4b8f771834ae7f20ce9d2c114537

SHA256
3944ea2798b4ec85a7d7775ebc3daa6da06fafe45b57affe7e320a4d64891c8f

SHA512
96c191e52b8c0196ab77e1c458e0e600d86a1bc2bcb6d8a151a00a8bd29f29cce9bff0a0861bd912fce9f3c11c7c1f41de2158b1e0d96cb7ebbbabd69baed3e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe

Filesize
468KB

MD5
72207a810a8a9bd22db4337e0971216b

SHA1
49100cfb471007902635ca6e69d650e98a0584b5

SHA256
5e110d61d82569e14ab6a972afad4eddbd4f72f8ab4d2452af5d3e5432f923ab

SHA512
dc77d9de83a0a7dd152ccbf14b9d64227efe8ee8cd2bb176ca35fd329c2bf36afa399e4b2dae46f92308ecee0aa48785b5a272261545f4115ab0420cf2a5d4e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe

Filesize
468KB

MD5
e7e3e9b362b295e32b89fe5ff72e0e5a

SHA1
28bf5052fc3f52b6acee6c09becb78f01666722f

SHA256
df551bdf21ff49a3b85a570d063758e4f25209b4080ef486792248bd4aa17c1e

SHA512
494d06c99cd04778bc595fc8e5264fd79fa97fdc26f7767380e29a32dd41badc18b3d39edb51149444a2b64189239b1558fcf9fb9e76857884af106a1f86aadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe

Filesize
468KB

MD5
2f9ff3cd3a459911615f8e046e3dde3b

SHA1
d024998be5d401cd1b6226d5e1e80fbb33eca0c3

SHA256
0b2fa0900781c426060ab00708152fd07526fb44ee3071cff199d384bfb05d57

SHA512
8ed7d129107a5034d32366618cef13ec9203e0200df9fef1d45c8e8d77471858f05afdce0f68cbf7b6a3daf4d194111660da88a1384394c71deb52624c8a6a11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe

Filesize
468KB

MD5
c397f167157656229def5269ae80f78a

SHA1
a944f8a585a5718522fb2aeafd5177a464aeabab

SHA256
43f7813f4950e3926eb279507e73c6e16fb4a879f249a89e3e8639b13f5b82de

SHA512
ae195b45ca9886e3c611fc652d6e8b829424647f2c47755d31c034a03a8c165d8f24e37f4891f11352d38e709a663e053be5d9fbbe87c6f0be0e6acc081f6aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe

Filesize
468KB

MD5
4480b6fb4cd90498e1e1270194aedec3

SHA1
5f5513c014516a58caa5bbda5b1214d7c297195f

SHA256
5f547ec611061ac16802cab9ab5dd719b0c01b4adf01463be9c900d73a67115a

SHA512
4ddb031777fe7bd39b590ad519dd9f7f7757739608d11badb7dbfd9adf7753cebf0a62ed2a58207b8fe5b9a14f7a5bd533b4f08f49001acfa8e40cfd11fece0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe

Filesize
468KB

MD5
076b62ef2f7db4763be878402cf065a6

SHA1
72967a3ff1db9e291ba198b68f6b3a804df1b252

SHA256
95941e99bece2454dd3e371d3067fe87037c70163388f41005546cb3ee25e087

SHA512
57e5191c83e76f1ccbd90169c8baf43e59e6986094aa03e446e59c184ef45df11615d8d4b10a14ed577f763270cdc96839ec40a2956a78ccdcbe142f1a34e4dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe

Filesize
468KB

MD5
1356e0d48e428a5ddad1ab141392646a

SHA1
ab02c9009e150eb58fd5b9077f51bc93d020001a

SHA256
05a14b76b55ec5acad12970f0954ce436ac1f146710bd2716593902f0838d061

SHA512
84c187036ad69ba9313835466350cd44847efa89cfe5e9e31db65849d0fbacdc5a4aa433f07dff3e3b9ebe7fbe5edcbb5bdc34f369ed69167d4ab9bf1ae00c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe

Filesize
468KB

MD5
4ac1e5fe9b0ec93b74adc13462d8ed54

SHA1
a9d31461475388a82c0f3138386b3eac3f13b57b

SHA256
2c7d2ea6a31e47776e13f87c3582fa79f83958deb1df42d63ea462e2cd0907b0

SHA512
e220f45ce7a058fda99e065d0c0b240224806692cf6cd49e4a85d198ce1fd05d962ac866b72994ff44824b4cb8303006546d59b8f3f52b8689dda5d1130e6f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe

Filesize
468KB

MD5
8449a36834873df33247581c3a92dc17

SHA1
7df2ff566617ad1b2fbacbfb516c80031ac64421

SHA256
83e44166a94be9c00e804a132edf230c312bc832d9415bc5ef537bfdd425f763

SHA512
ee2d0f08593e99788d5c46d908fb35efdea8a71c5373045da0f11bf9de8058e68eb910c1b62d35af11f8893c36aad8a86cace8839679ca09f0bde2103269cddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe

Filesize
468KB

MD5
fbcdc14e5ed2b1c83cc9a13555173366

SHA1
7649a1f11d746d8672fe02ce0a285c11869387ca

SHA256
22a03ff8a71a206e00bc620b5b6f63f6b0601e767aab491ba79fa0d00e61a676

SHA512
9509ae1dc0a70511adce807ed79e262dc24f0d1e1330461b2a20af8cb22b5b2e89b7b0a44fee00c8f6b8cb8e5e40e6174c27a05bb9d411846a33eb96e1cf7644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe

Filesize
468KB

MD5
242422c85a5bb4e6254bdf79b4522718

SHA1
91510d0ab2694a8e0e5648d7ada9784f83bfde5e

SHA256
ff051de282eddad8b4e6d6cb1ff7e90e1b33e31bd652c56bc26d5e645c515a94

SHA512
8fe3d7043b83afb27818326d946419f2e4c50a2b360216686432ddbc066ad5a0ae64c4b9f7fe311f1bde09359e9e5cceb5b28b01db737a684423dc9423892916

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe

Filesize
468KB

MD5
b13c20158fe42d7f5791009f576b9073

SHA1
ebb1dc416e0844df04141e7924aa58247ebd89d3

SHA256
fb567f7a6ef57ffbacf12b6e9a9b60d014ad6b142d0191657a970e76d4663516

SHA512
63c96194160b8bdfbe578a16c33bbfb35c5e0cc85b3c6c2a086e8d43a5cbb13372fd5e962a2757717747f5d49706023646f106e4be9046df56ad6d33063d02e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe

Filesize
468KB

MD5
b982068b8ed39df5460d1c34452ac311

SHA1
a4bf3d839596cbfd881483ff36b255af7a94e5d3

SHA256
257ebce5abb9477424509e796ad72aaad0a3d0464eac961149d0980f22ea6f62

SHA512
7dda0d1c65bd072aa85d3d837ad58f2dea7338297da975bd313eb9cb6c1261d289e1c592fd52ed49bac927d8d1cf583f886f80cdea5434a09d42f54dfa27caed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe

Filesize
468KB

MD5
0f0d92e1ae2218fba62ba682285da45c

SHA1
f83af829cf77ef9db56c6ce59e459e237094554f

SHA256
e5121336a4883cce244295bbd10d7678f51ba79528db70fb0bb3d311931a6709

SHA512
5a7a2db8c1f309e17926338ae462cc3421d09fb832dc151a9f6bb92adfa67c3a72c382de2405680e2b8becdfd4eaeaa836a40b367f4ddd393861bcab50dd0b0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe

Filesize
468KB

MD5
4423fd78e8281c08b614b2cfa8827010

SHA1
8125d7ac8bdb0e020d8de821b8e4c154a6d4c94e

SHA256
e709a009e49d1ff344c66e9b2cfcc093dbdd46c1da126e7c00eb7ec414e9bbef

SHA512
919a260392289054b7b15512cb6355d8d1d47ba6722255746f044d55ffd0f34dda50ca837aa0f9b76b82960d41ff662a443a1e3aa283936ffdca6a14d5b42488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe

Filesize
468KB

MD5
367aed4f1715125baf0309536e5f11be

SHA1
138cb9bab31c201757468e787478d0d60fc74238

SHA256
a5525b7223812745620a30368986d039413574c6d28372475acfe1473f171ab4

SHA512
f37567c0249a2fd8189e0c1ba67e98ce4bb38b669694a795aa007b1af0146cc0ef86a4a7c39a496182b3966ffb5316b759197ab03ab0088116bc3bf227796d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe

Filesize
468KB

MD5
c428fb72a57f0aed6dde9f02b1350ebd

SHA1
9b9a2b59f2165cfcc780cb807b486dfa731b6119

SHA256
502973da8534a313e0ef0b80a07a280f9e6777f932b434f36e99f206608b0534

SHA512
0f44358c235354a0d993fa564722c2929613eb317c726a66f24240595197ef906f7f177d2b4b20a820f31f93cbb6bdf294270c478dde6e8c342d4d3f44424a11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe

Filesize
468KB

MD5
c6348fbd94a189db989649c4fa3a2927

SHA1
cb805ec835fcd7c25215652ef65a09679090eff4

SHA256
0c989482c10c2f1a0d63917ee8cf7126a4a9a713bce5d02b1ef94fce3eccfb35

SHA512
b853912be4cf34f03887b3f694987b1307c2a5a95e000f7ded0186ecee8b2ce7aea4f3f21d418715a2ae6a20da66701a0b5700c575190a49921018a5bfac1485

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe

Filesize
468KB

MD5
f8c1485263743dff54307832e0aae3b0

SHA1
20b6e4069964679782f28e08208caca3900ef27c

SHA256
bd5b42aff49cdfb50adfe976f5533fe78d575686bf6e5a3c30169f1d2fca8f68

SHA512
cf82771eecbed1ad3ae7e2a2632864677951a6d08a3b33dfdba3ff94dfa7d20716994badf4bdd4709ec2bb470c5872f886d0d04dd750ef8d21c55634c3a0ac80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe

Filesize
468KB

MD5
ecbfa3cf1fdef27f946424df3450a4d4

SHA1
6d8adfaf2e75010e921a2b2e104c0516e8620ed8

SHA256
83b7916fd6645411b173378318bc0a509158d26412390898fb6586f17dd4f8a2

SHA512
a12fb13f16e37a4d7df03fba504b322fae9aa298e91e7f7b76ae1375a12ab8ea4cddd95f928bfbafcccc29b311b2b6afde6d9ad640aa94e4617ef357cfec253f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61891.exe

Filesize
468KB

MD5
7be505ceee39501c86317ae64e7d0d8b

SHA1
60cb71fb4c077efe399cefd64c63ec9d7ec820b0

SHA256
289f269889831bffefb061cae873716b847a1a47dddb0aeb55274a52cb32b936

SHA512
33049611847fecc8f79ed02a8015a8b8394db55106dfd65303c1ca561921cc198eccac0baf27c382aa4c15c912d4900f87b924366b6d2aa3b9550dee6e625b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe

Filesize
468KB

MD5
eae46f7e84419787b4d867610e056f90

SHA1
0b3a1a71e0d794b87aa4d17dfae67758864d9870

SHA256
d08a7aefe4f164f36a3c415843cb96cf92743a09ef533079a1fc57691ff7deee

SHA512
6c86ac0a0a232a69d3670e2ed26056017e1bb937c57621d810fa2bed834c28f36fb07a73fc90b2fa45df14af2605cb8a26df4a47daebed86c2c8d363e15f8cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe

Filesize
468KB

MD5
2bfcb61d8f04526692faa2b597b45ee2

SHA1
2df67274764b722fc4fc7ef52bb49d94e3a1452f

SHA256
2ff31f87e188be68673b99c4676615f6aafb9c15390b7c33eb9045f76b4983a6

SHA512
dcd1579031fca2a7233ffa4838dd8c1402026699af7712cbc4b13b14d14945d3433ae7e264b0408dbceb0e970764123ac1867c3fdb1a45fad573394512807883

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe

Filesize
468KB

MD5
901d5c087abf1dc5f2549e520ed81ef5

SHA1
2c3a528b848c06a94cf5819485c458c542c079b1

SHA256
a923ffc3d18595a4339675546fe2d577fb68bd96a64b6e80ffa06287deb002b5

SHA512
19b1ff137f3384846cc7d136d700c731bfc5618006fb056e0e3848d91057cf41be9458cc1351e8b1551950575d3b374335a80c778c682501abd32a1a70156e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe

Filesize
468KB

MD5
43a4a819ac6fbd2dbc709328ca81c9bd

SHA1
7c2858eeeab59146893e19332c09ab0b92401059

SHA256
96c47f8776021d346b506b50e56479d04994a0670ff7fdbc035f6913b624274d

SHA512
7e4350efa308f634288bb2bf4442f5289a71f7f405c6807f298dfa79a3e939fb69249e007bb3ba8858a9bd0064163bd54cd9188e0caee2b256ba6a920d476355

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe

Filesize
468KB

MD5
899c47e59b23603631297db531ea09ab

SHA1
0359cb11d2cf0a7dfbcee555e52292c2297094e5

SHA256
4e6a7a5e97918497f79819392f75e5b77e84df6fca6bd5f227cfeb80fefc77aa

SHA512
f78b68cdb0d0aa0f8db69161ed470c2221d3c1e0ef5a800437dc4bf1979d70702e4ad89464b2303ad1fbbe856df1f7524ee661ce76f2553a5c918c92579e045d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe

Filesize
468KB

MD5
57a31653d2c78d095495fef924bfee04

SHA1
a14d0d833e185deaafd01b3e0a6af9d65954dd64

SHA256
feb973122634789832d1840efc9dd7dd3f278464a3b2752bf36e5e6f54d2c9a2

SHA512
b481d1e4dd4060c5fc76bf43ac4f80cb70052c693c4c0f76c83cd62f4fb1e1c345faca515a46659f4faf3a018a15a1dad5abe1f160c14d11b6f3b0235445ce6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe

Filesize
468KB

MD5
8999d5a1aeb605086fde3d36a7328e65

SHA1
e24725849cd31b5015f6463e71f474539858072e

SHA256
bd07aa6bac846cfdff29a3d7e5b9ec4e14c20b01f60f7971dc45822ba8e145d4

SHA512
9a8cc3273c86f60e7e2b5715b1db1720b7c65611ff137a1a07dbf2a1765b1aade77b268e5ae6846f4e3447ec035c678569350a3f596ba911c84cff16a4e5627e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe

Filesize
468KB

MD5
c39aae05d2bbbb14c5fece38215a3529

SHA1
998c0c3f66111e14e24f66bf88d021eefb59bbc9

SHA256
84f452c96d5d8153a0e4b2873cca21c67af28f0eb90447b570618f8aac125d51

SHA512
3a8a07ecb95be23a68ee2930a18ef7bf75223239aef7c9398bc5de894d4ed5598148d1617a0897395b0d3e215ce7c777b69cdd4ff4b75fd0e9ad812fc755e0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8663.exe

Filesize
468KB

MD5
f89c220be87bff9ad11616417a15c7eb

SHA1
d41a817ac54705356aea1f41134cada8c336a082

SHA256
5c1c92aac5746a014de08317a4c655320d31fb33bb187b9c5e68f71b8a8fe507

SHA512
25fec01c947b73368e0b0921029d3d397e4294c4d438e60684dca3783e6c0c1035c851d7380fb5d5b796f77c07fc86582e0ee6fe3adbb54f2710a0a018205c53

Download Submit
memory/15748-2700-0x0000000077E40000-0x0000000077E4A000-memory.dmp

Filesize
40KB

Download
memory/17464-2703-0x00007FFE75010000-0x00007FFE75205000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads