2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac

Analysis

max time kernel
138s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
Size

468KB
MD5

1b8a5d5d466554935d8bb2bc5eb06e46
SHA1

7e9bce66a031d836f07461e6fef236317f6a4842
SHA256

2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac
SHA512

a1fe1ebca7c76f0ad41038735c1d25db9b8832334e5048966b7726fac3288b11c5c9d75fc4349b378967abe9b4a35a2e10a2892e7ee9331bcdd3d5a1fd53f86c
SSDEEP

3072:VPGjovOWI35vtbYvJg+5OfDVrrCdIqIpXlmHeVSICvlxvsIU9S5VB:VP+oIJvtYJT5Ofy0XkvlRdU9S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3600	Unicorn-48663.exe
3100	Unicorn-57983.exe
1012	Unicorn-42201.exe
1976	Unicorn-39255.exe
2068	Unicorn-54200.exe
388	Unicorn-6482.exe
4776	Unicorn-55352.exe
3440	Unicorn-40215.exe
4868	Unicorn-59244.exe
4160	Unicorn-13572.exe
5088	Unicorn-54505.exe
3720	Unicorn-60370.exe
4080	Unicorn-60635.exe
5064	Unicorn-61979.exe
2244	Unicorn-43597.exe
1784	Unicorn-54195.exe
1188	Unicorn-58834.exe
1540	Unicorn-25415.exe
3620	Unicorn-29499.exe
2036	Unicorn-64309.exe
1236	Unicorn-64309.exe
1248	Unicorn-6178.exe
3160	Unicorn-45835.exe
1608	Unicorn-45570.exe
4252	Unicorn-39705.exe
1060	Unicorn-25969.exe
972	Unicorn-25969.exe
3516	Unicorn-65077.exe
3772	Unicorn-22099.exe
5060	Unicorn-2233.exe
4820	Unicorn-34086.exe
4900	Unicorn-32597.exe
2780	Unicorn-29067.exe
3112	Unicorn-35311.exe
948	Unicorn-35865.exe
2448	Unicorn-31035.exe
4524	Unicorn-3001.exe
1708	Unicorn-37065.exe
920	Unicorn-41149.exe
2736	Unicorn-13228.exe
4648	Unicorn-63514.exe
1544	Unicorn-58253.exe
2264	Unicorn-58253.exe
3632	Unicorn-58253.exe
824	Unicorn-39779.exe
4012	Unicorn-9607.exe
2252	Unicorn-13691.exe
4060	Unicorn-33557.exe
1936	Unicorn-13691.exe
4356	Unicorn-52031.exe
3608	Unicorn-12374.exe
3636	Unicorn-45544.exe
4212	Unicorn-39679.exe
392	Unicorn-27875.exe
5056	Unicorn-62685.exe
1572	Unicorn-52379.exe
4056	Unicorn-55072.exe
4104	Unicorn-38081.exe
1396	Unicorn-4554.exe
412	Unicorn-60355.exe
5004	Unicorn-61678.exe
3532	Unicorn-30296.exe
3236	Unicorn-46733.exe
1536	Unicorn-40511.exe

Program crash 16 IoCs

pid	pid_target	Process	procid_target
4344	3620	WerFault.exe	111
6832	2448	WerFault.exe	128
9180	2448	WerFault.exe	128
7896	3920	WerFault.exe	160
8556	3620	WerFault.exe	111
7968	404	WerFault.exe	161
9436	4872	WerFault.exe	234
9452	3920	WerFault.exe	160
5016	404	WerFault.exe	161
11504	4872	WerFault.exe	234
14060	5932	WerFault.exe	233
14312	11712	WerFault.exe	559
14852	5932	WerFault.exe	233
16428	12380	WerFault.exe	812
17044	16480	WerFault.exe	833
5924	17072	WerFault.exe	853

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47148.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6796	Process not Found
Token: SeChangeNotifyPrivilege	6796	Process not Found
Token: 33	6796	Process not Found
Token: SeIncBasePriorityPrivilege	6796	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
3600	Unicorn-48663.exe
3100	Unicorn-57983.exe
1012	Unicorn-42201.exe
1976	Unicorn-39255.exe
2068	Unicorn-54200.exe
388	Unicorn-6482.exe
4776	Unicorn-55352.exe
3440	Unicorn-40215.exe
4868	Unicorn-59244.exe
4160	Unicorn-13572.exe
4080	Unicorn-60635.exe
5088	Unicorn-54505.exe
3720	Unicorn-60370.exe
5064	Unicorn-61979.exe
2244	Unicorn-43597.exe
1784	Unicorn-54195.exe
1188	Unicorn-58834.exe
1540	Unicorn-25415.exe
2036	Unicorn-64309.exe
3620	Unicorn-29499.exe
972	Unicorn-25969.exe
1248	Unicorn-6178.exe
4252	Unicorn-39705.exe
3160	Unicorn-45835.exe
1060	Unicorn-25969.exe
1608	Unicorn-45570.exe
1236	Unicorn-64309.exe
3516	Unicorn-65077.exe
3772	Unicorn-22099.exe
5060	Unicorn-2233.exe
4820	Unicorn-34086.exe
4900	Unicorn-32597.exe
2780	Unicorn-29067.exe
3112	Unicorn-35311.exe
948	Unicorn-35865.exe
2448	Unicorn-31035.exe
4524	Unicorn-3001.exe
1708	Unicorn-37065.exe
920	Unicorn-41149.exe
1544	Unicorn-58253.exe
2736	Unicorn-13228.exe
2264	Unicorn-58253.exe
3632	Unicorn-58253.exe
4648	Unicorn-63514.exe
2252	Unicorn-13691.exe
4060	Unicorn-33557.exe
4012	Unicorn-9607.exe
824	Unicorn-39779.exe
4356	Unicorn-52031.exe
1936	Unicorn-13691.exe
4212	Unicorn-39679.exe
3636	Unicorn-45544.exe
3608	Unicorn-12374.exe
392	Unicorn-27875.exe
5056	Unicorn-62685.exe
1396	Unicorn-4554.exe
4056	Unicorn-55072.exe
1572	Unicorn-52379.exe
4104	Unicorn-38081.exe
412	Unicorn-60355.exe
3532	Unicorn-30296.exe
5004	Unicorn-61678.exe
3236	Unicorn-46733.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 3600	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	90
PID 2784 wrote to memory of 3600	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	90
PID 2784 wrote to memory of 3600	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	90
PID 3600 wrote to memory of 3100	3600	Unicorn-48663.exe	92
PID 3600 wrote to memory of 3100	3600	Unicorn-48663.exe	92
PID 3600 wrote to memory of 3100	3600	Unicorn-48663.exe	92
PID 2784 wrote to memory of 1012	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	93
PID 2784 wrote to memory of 1012	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	93
PID 2784 wrote to memory of 1012	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	93
PID 3100 wrote to memory of 1976	3100	Unicorn-57983.exe	96
PID 3100 wrote to memory of 1976	3100	Unicorn-57983.exe	96
PID 3100 wrote to memory of 1976	3100	Unicorn-57983.exe	96
PID 3600 wrote to memory of 2068	3600	Unicorn-48663.exe	97
PID 3600 wrote to memory of 2068	3600	Unicorn-48663.exe	97
PID 3600 wrote to memory of 2068	3600	Unicorn-48663.exe	97
PID 2784 wrote to memory of 388	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	98
PID 2784 wrote to memory of 388	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	98
PID 2784 wrote to memory of 388	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	98
PID 1012 wrote to memory of 4776	1012	Unicorn-42201.exe	99
PID 1012 wrote to memory of 4776	1012	Unicorn-42201.exe	99
PID 1012 wrote to memory of 4776	1012	Unicorn-42201.exe	99
PID 1976 wrote to memory of 3440	1976	Unicorn-39255.exe	100
PID 1976 wrote to memory of 3440	1976	Unicorn-39255.exe	100
PID 1976 wrote to memory of 3440	1976	Unicorn-39255.exe	100
PID 2068 wrote to memory of 4160	2068	Unicorn-54200.exe	102
PID 2068 wrote to memory of 4160	2068	Unicorn-54200.exe	102
PID 2068 wrote to memory of 4160	2068	Unicorn-54200.exe	102
PID 3100 wrote to memory of 4868	3100	Unicorn-57983.exe	101
PID 3100 wrote to memory of 4868	3100	Unicorn-57983.exe	101
PID 3100 wrote to memory of 4868	3100	Unicorn-57983.exe	101
PID 3600 wrote to memory of 5088	3600	Unicorn-48663.exe	103
PID 3600 wrote to memory of 5088	3600	Unicorn-48663.exe	103
PID 3600 wrote to memory of 5088	3600	Unicorn-48663.exe	103
PID 388 wrote to memory of 4080	388	Unicorn-6482.exe	104
PID 388 wrote to memory of 4080	388	Unicorn-6482.exe	104
PID 388 wrote to memory of 4080	388	Unicorn-6482.exe	104
PID 2784 wrote to memory of 3720	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	105
PID 2784 wrote to memory of 3720	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	105
PID 2784 wrote to memory of 3720	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	105
PID 4776 wrote to memory of 5064	4776	Unicorn-55352.exe	106
PID 4776 wrote to memory of 5064	4776	Unicorn-55352.exe	106
PID 4776 wrote to memory of 5064	4776	Unicorn-55352.exe	106
PID 1012 wrote to memory of 2244	1012	Unicorn-42201.exe	107
PID 1012 wrote to memory of 2244	1012	Unicorn-42201.exe	107
PID 1012 wrote to memory of 2244	1012	Unicorn-42201.exe	107
PID 3440 wrote to memory of 1784	3440	Unicorn-40215.exe	108
PID 3440 wrote to memory of 1784	3440	Unicorn-40215.exe	108
PID 3440 wrote to memory of 1784	3440	Unicorn-40215.exe	108
PID 1976 wrote to memory of 1188	1976	Unicorn-39255.exe	109
PID 1976 wrote to memory of 1188	1976	Unicorn-39255.exe	109
PID 1976 wrote to memory of 1188	1976	Unicorn-39255.exe	109
PID 4868 wrote to memory of 1540	4868	Unicorn-59244.exe	110
PID 4868 wrote to memory of 1540	4868	Unicorn-59244.exe	110
PID 4868 wrote to memory of 1540	4868	Unicorn-59244.exe	110
PID 5088 wrote to memory of 3620	5088	Unicorn-54505.exe	111
PID 5088 wrote to memory of 3620	5088	Unicorn-54505.exe	111
PID 5088 wrote to memory of 3620	5088	Unicorn-54505.exe	111
PID 4160 wrote to memory of 2036	4160	Unicorn-13572.exe	112
PID 4160 wrote to memory of 2036	4160	Unicorn-13572.exe	112
PID 4160 wrote to memory of 2036	4160	Unicorn-13572.exe	112
PID 4080 wrote to memory of 1236	4080	Unicorn-60635.exe	113
PID 4080 wrote to memory of 1236	4080	Unicorn-60635.exe	113
PID 4080 wrote to memory of 1236	4080	Unicorn-60635.exe	113
PID 2784 wrote to memory of 1248	2784	2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe	116

C:\Users\Admin\AppData\Local\Temp\2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe
"C:\Users\Admin\AppData\Local\Temp\2199cf91746d899add74cffc7d995714c3346a19d76dcf97cf8fb76cb33c67ac.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        10⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        10⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        10⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        10⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34318.exe
        10⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        9⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        9⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        9⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        9⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        10⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        10⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39372.exe
        10⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        9⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
        9⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        9⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-224.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7566.exe
        9⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        8⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        8⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        8⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 632
        9⤵
        Program crash
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 632
        9⤵
        Program crash
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        8⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        8⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        8⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        8⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21876.exe
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        9⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        9⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        9⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        9⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        8⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
        8⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        8⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        8⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        7⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        7⤵
        
        PID:16940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        8⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        8⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        8⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        7⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
        7⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        8⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        7⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        6⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33557.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        8⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        9⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        9⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56468.exe
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        8⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        8⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        8⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        8⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
        7⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        7⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        8⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        8⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        8⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        7⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
        6⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        7⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        6⤵
        
        PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        8⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        7⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        6⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
        7⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-991.exe
        7⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        6⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
        7⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        7⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        5⤵
        
        PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        7⤵
        Executes dropped EXE
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        8⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        10⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        10⤵
        
        PID:17368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        9⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        9⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        9⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        9⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        8⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        8⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        8⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        8⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21604.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        7⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
        7⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        7⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        8⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14868.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        7⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        7⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        6⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        7⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        6⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        6⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25745.exe
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        8⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13994.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        7⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
        7⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        7⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        6⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48077.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        8⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
        8⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        7⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17853.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        7⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22346.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        6⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        6⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
        5⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
        5⤵
        
        PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52031.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        7⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
        7⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        7⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
        6⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        7⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        7⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        5⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        6⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        7⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        7⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        6⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18315.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        6⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        6⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        6⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        6⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        5⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        5⤵
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        5⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        5⤵
        
        PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        5⤵
        
        PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
      4⤵
      PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
      4⤵
      PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18735.exe
      4⤵
      PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
      4⤵
      PID:5296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        9⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        9⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
        9⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52889.exe
        8⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        8⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
        7⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
        7⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        7⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        8⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        8⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
        7⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        7⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4091.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48435.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        8⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        8⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-991.exe
        8⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
        7⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        7⤵
        
        PID:16440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        6⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27172.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        7⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        7⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59128.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        5⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
        5⤵
        
        PID:14756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25969.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        5⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        7⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7162.exe
        6⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29267.exe
        6⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        5⤵
        
        PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        7⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
        7⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        7⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        6⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        6⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
        5⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47435.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        5⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        5⤵
        
        PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
      4⤵
      PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
      4⤵
      PID:17316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        6⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
        8⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 632
        8⤵
        Program crash
        
        PID:14060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 632
        8⤵
        Program crash
        
        PID:14852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 656
        7⤵
        Program crash
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 656
        7⤵
        Program crash
        
        PID:9452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 724
        6⤵
        Program crash
        
        PID:6832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 736
        6⤵
        Program crash
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        5⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32713.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33358.exe
        7⤵
        
        PID:4532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 644
        6⤵
        Program crash
        
        PID:7968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 660
        6⤵
        Program crash
        
        PID:5016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 744
        5⤵
        Program crash
        
        PID:4344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 744
        5⤵
        Program crash
        
        PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        7⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        7⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        7⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        7⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4256.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33648.exe
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        6⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        6⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        6⤵
        
        PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        6⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12074.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
        5⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        5⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        5⤵
        
        PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
        6⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        6⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        5⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        5⤵
        
        PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
      4⤵
      PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
      4⤵
      PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
      4⤵
      PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45570.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        7⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        7⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        7⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52889.exe
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        6⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
        5⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
        5⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        5⤵
        
        PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        6⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        5⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      4⤵
      PID:14268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        6⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
      4⤵
      PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        5⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
      4⤵
      PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
    3⤵
    PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
      4⤵
      PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62693.exe
        5⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        5⤵
        
        PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
      4⤵
      PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
      4⤵
      PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
      4⤵
      PID:5424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
      4⤵
      PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
      4⤵
      PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
      4⤵
      PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
    3⤵
    PID:10980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
    3⤵
    PID:14544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
    3⤵
    PID:5912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55352.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        9⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        9⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        9⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        8⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33648.exe
        8⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        8⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        8⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        8⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        7⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        8⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42225.exe
        8⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        7⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        7⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        7⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        7⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        7⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        6⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
        8⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        8⤵
        
        PID:17072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17072 -s 468
        9⤵
        Program crash
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        7⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        7⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38293.exe
        7⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        6⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        6⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        5⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23042.exe
        5⤵
        
        PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2233.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        8⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        8⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        8⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        7⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        6⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        6⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        6⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
        6⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        5⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        5⤵
        
        PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        5⤵
        
        PID:11712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11712 -s 464
        6⤵
        Program crash
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
        5⤵
        
        PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26155.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        6⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        5⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        5⤵
        
        PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
      4⤵
      PID:3340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        8⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        8⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        7⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-88.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-88.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        7⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        6⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        7⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62471.exe
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        6⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        5⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56063.exe
        5⤵
        
        PID:740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
      4⤵
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        6⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        5⤵
        
        PID:12380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12380 -s 436
        6⤵
        Program crash
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        5⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        5⤵
        
        PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
        5⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        5⤵
        
        PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
      4⤵
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
      4⤵
      PID:16948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
      4⤵
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        6⤵
        
        PID:17324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
        5⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        5⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        5⤵
        
        PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      4⤵
      PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
      4⤵
      PID:6392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17543.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
        6⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        5⤵
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
      4⤵
      PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
      4⤵
      PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
      4⤵
      PID:5828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
      4⤵
      PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
      4⤵
      PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
    3⤵
    PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57815.exe
      4⤵
      PID:6588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
    3⤵
    PID:15944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
    3⤵
    PID:14852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        8⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        9⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        8⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        8⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        8⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4866.exe
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        7⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        7⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        7⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62693.exe
        8⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        8⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        7⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        7⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36703.exe
        6⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        7⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
        7⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        7⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32382.exe
        6⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
        5⤵
        
        PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        7⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        6⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15225.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        6⤵
        
        PID:17372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        6⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56907.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        6⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45357.exe
        5⤵
        
        PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        5⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44878.exe
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
      4⤵
      PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
      4⤵
      PID:6496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25969.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        5⤵
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35349.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        7⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        5⤵
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45746.exe
        6⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        5⤵
        
        PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        5⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        5⤵
        
        PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
      4⤵
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20997.exe
        6⤵
        
        PID:16480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16480 -s 452
        7⤵
        Program crash
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        5⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        5⤵
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
        5⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        5⤵
        
        PID:16980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
      4⤵
      PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
      4⤵
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        6⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
        6⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        5⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        6⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        6⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
        6⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        5⤵
        
        PID:16468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
      4⤵
      PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
      4⤵
      PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
    3⤵
    PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        5⤵
        
        PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
      4⤵
      PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
      4⤵
      PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
      4⤵
      PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
      4⤵
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52517.exe
      4⤵
      PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
      4⤵
      PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
      4⤵
      PID:7064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
    3⤵
    PID:10552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
    3⤵
    PID:14560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
    3⤵
    PID:4464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        7⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        6⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        6⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        5⤵
        
        PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        5⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
      4⤵
      PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      4⤵
      PID:8572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        6⤵
        
        PID:16400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
        5⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        5⤵
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
      4⤵
      PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61214.exe
        5⤵
        
        PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
      4⤵
      PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
      4⤵
      PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
      4⤵
      PID:17392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22896.exe
    3⤵
    PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33648.exe
      4⤵
      PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
      4⤵
      PID:17020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
      4⤵
      PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
      4⤵
      PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
      4⤵
      PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
      4⤵
      PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
    3⤵
    PID:9476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
    3⤵
    PID:16140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
    3⤵
    PID:17036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
      4⤵
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51209.exe
        7⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        6⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        6⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
        5⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        6⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44297.exe
        6⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        5⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
      4⤵
      PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
      4⤵
      PID:13576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48341.exe
      4⤵
      PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
    3⤵
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        5⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17414.exe
        5⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
      4⤵
      PID:12544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
      4⤵
      PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
      4⤵
      PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
      4⤵
      PID:6700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
    3⤵
    PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
      4⤵
      PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
      4⤵
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
    3⤵
    PID:9496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
    3⤵
    PID:12576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39597.exe
    3⤵
    PID:17368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
    3⤵
    PID:1476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
    3⤵
    PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        5⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
        5⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        5⤵
        
        PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
      4⤵
      PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
      4⤵
      PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
    3⤵
    PID:7988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
    3⤵
    PID:11788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43195.exe
    3⤵
    PID:15912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22764.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22764.exe
  2⤵
  PID:5744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
    3⤵
    PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
      4⤵
      PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
      4⤵
      PID:14400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
      4⤵
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
    3⤵
    PID:10196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
    3⤵
    PID:12416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
    3⤵
    PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
    3⤵
    PID:5424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
  2⤵
  PID:7644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
    3⤵
    PID:16724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
  2⤵
  PID:9776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
  2⤵
  PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2448 -ip 2448
1⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3620 -ip 3620
1⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3620 -ip 3620
1⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2448 -ip 2448
1⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3920 -ip 3920
1⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 404 -ip 404
1⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4872 -ip 4872
1⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3920 -ip 3920
1⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 404 -ip 404
1⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4872 -ip 4872
1⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5932 -ip 5932
1⤵
PID:13348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 11712 -ip 11712
1⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5932 -ip 5932
1⤵
PID:15260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 17072 -ip 17072
1⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 17284 -ip 17284
1⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 17252 -ip 17252
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe

Filesize
468KB

MD5
528f6a01a6c4fcd2106a13f58d111ab3

SHA1
f6f913fb90f5f8f77af0b8703b629e3010bc5bed

SHA256
efee94b678a03e8e69ad22a19465bcda840b7bcae62cdd0dd7532c1e5d031516

SHA512
e3faab88ad390f3ce0a55927cebf3f992255e573729712ee28dea655ecd0807ed7a4c7615f52079ef20244b564135f7a33eab2c16ac8cdceaa78c75e318929c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe

Filesize
468KB

MD5
10666ed35bda388b20a7c1592e06d269

SHA1
ce5d3d725238a10a8ecb07d30c765ab7863881ab

SHA256
b624273239e3024d1badeece99c545c7d3a3c9da0ac8e38ed8fcb50b5d9ad5bc

SHA512
634c828bf06dc03823c3ffd545149c7408814a6fbdccdb9c5cbddac0177ada71ddca103b0a5e2a02fc0b2a92269c796f257f051562dacb23fbbd0f58036ee75b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2233.exe

Filesize
468KB

MD5
34ab2c7da268b0197ec6c51afa8aa6ab

SHA1
3cc08c5dcacf22400856c067d792c34e1e1dc2af

SHA256
85c2683f06444e22c5d2145665fd8ab83894554148e71cab6454e4860947ef55

SHA512
46d4d39243eae216537f2844fade6c8eb3527ac136c71f7c458b4e6fcea3b8acda86ecbd85997115b7179cb7deb6c6d7cd8c46b0d4a50e74aa8c451d3d3a8a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe

Filesize
468KB

MD5
2dda727237a57ea1da2143da6ee8cd14

SHA1
d088285f0909a6e865731f0168e222395dd3e9c7

SHA256
80f72fdbc5b9aa90ed994bc07e95da1925fb7bf9476f90cb9f87b8522517ec0f

SHA512
4bef7183313b6dc6117c2b7bce26e796cc9d176b33360e26e3887a686991ec8f82378c88f625c5fa7d9bdd541a662fd87747d975bec3c69450799359afd5d905

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25969.exe

Filesize
468KB

MD5
f554374201ab2bea10d2fec6fd0131f6

SHA1
a180713a46e8191800b5f24343c7e93d4d0919fa

SHA256
99428f650666c2e3be9aca68283d8875bb6478534d299a3a2ea69bb37a2388c9

SHA512
32cdb8d79b6a76a14750dde24256afa4a808216f55e492549affc4397c8305ac020bc37077469ba78768be61b8f241fe293394a35fe309457ec41713d06cb756

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe

Filesize
468KB

MD5
4b51e27e52887ad488a9909c09e5b652

SHA1
8011b06c23c124ea94183f8298fa4199b6773775

SHA256
b0bc34895d72c27693e8a9a6dd7054adb11426f03f3bbb1bbb50e62e9d6d18ef

SHA512
93df0ab328290ba1c489006969e200654e7796b049c0c98348a99d590f8a296aaab6d61e5bdf5b2c462c52b20d90e55abb9c701333c52be3e652fca355d6e4ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe

Filesize
468KB

MD5
e0d070281a0ed576cd90e47e8b306b57

SHA1
29792fc84cb19797e05c3a1ed954a8d10f346a8e

SHA256
95ad1db6f6bfa1dfa66db3dd0b4ae55fbf3223112d77b00975d3adf3f1d8c772

SHA512
ab5eea94aaa6e2be409d582fe596d6281094fee44fbe2dbd93bfacd2ae0dd0d1bad215f6d3bebc0e5e7d1b60e976f48d4d9b2456f292a976581dd9bacfe8ab19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe

Filesize
468KB

MD5
c3ea1860f3cd06cbaa851791b6801711

SHA1
55b1c53a7f26e90145ce3ad3f6205c5ee1914401

SHA256
9622defbe1265d68a5303b37e2462e0718938a0c15609472115315d78fd1f327

SHA512
abf7a18ad1b83f10909c6cf20bed0a8cbecf5ba78db9bf460adf33e731229088bb0f0f536aadb8a066301cb1bd090c627895222d5daec2fa4dd1726d85df81b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe

Filesize
468KB

MD5
34129e41e724e457ab20a19185e6c6f0

SHA1
3932f579658de773868b0da9159695493c336a77

SHA256
b918eccf3bb2f84c15068671ca0678a127eb0d2986b9fef830b5a9776a170398

SHA512
e9aad0dc344dff1bb13dfa8605067a86be1d4bc6705fd54e0920011109296c2fb26f44aa6fee946865ac0610998e6b528876dec3741bdd248737a9cbfb9268a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe

Filesize
468KB

MD5
3610e0b4118c02ee96c67475a9ec29d4

SHA1
187f0b886807cbb8c1341be391cb920bb8c73011

SHA256
677e40d9866bf2b5539bcb900b662a10ea02a6f026a100afe9ebdc49b75eb67d

SHA512
032c5bea5f3c8535c3f8279bf1d3ffcaf12c9733234be90695e797b8117f322860504e0a032ceed91c792711f743d7078aef4180f9c324918bfe9ae5022de134

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe

Filesize
468KB

MD5
cde287b12921033edc1596c0c68bf313

SHA1
42955d91ed04b4699cf982eb86eafb9926a32842

SHA256
f015c08c57064c47ea762e4f7d13136283dcdc72a1d6496038dceda677665c19

SHA512
a7cedeed9a9c07fd0b52bb5a5baa87140cff184df9ea03385b08ae9e02aa43953cc2e49f957c72d106859bddb31fb4c7de8b48a715be4133a54c38fc8fda79f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe

Filesize
468KB

MD5
41f918fe7d34c8af899bcbfdacbfe66f

SHA1
4f8bed9c02fbb100056dec4379dd168548ec4121

SHA256
8f37f6dbf05438c92749cc81e2461591ef3f63e8c5af7cd6cd4d0a4d541898d3

SHA512
4f5ca10d23512a828780e4922d172765f6f43ee398539edc7ee7f824f08bf9680027de6c722d8cf2c855dc289bc23ed014525d497a23c8330b184863ba74d61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe

Filesize
468KB

MD5
d669688c8ab81c2c5601cf31d3bca411

SHA1
35266ef5267602e6941e11b659272f90281770f5

SHA256
b4d432140eb413fccac59cd677beb6a94468de99314b249b3519681438c1d059

SHA512
e11727a6594229b956f811e63e0f9b31e777de123227f3f66967e27d08193cd8411cc9b3df351049eac76ea8e018dc4fd1e4b1b792d22e986d232954c62ff064

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe

Filesize
468KB

MD5
b80625bb02bc33f2aad79ac717603cee

SHA1
6f107337b5802007efd46c764fdb3020041a2f0a

SHA256
064fec44526aed8c7f2e28363553a81c9a4324213f834f98711dac5fdc6c8f69

SHA512
cdade9736556e504ad460bf529cdf4b4f6e73ed63c65172ccb5b5324db55197bf68dba88ba25fbdb8279c89ce8e01234b3e5110c223316f7a2bd87bb563b8696

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45570.exe

Filesize
468KB

MD5
259b765a32e76a3c3194ff730372c30e

SHA1
3935d2048cf481af730549ad34d0d1118b710f59

SHA256
83ff71528ac9d409b0953260376dd3ce2daa26c48de5d75f1864a940bc98dcde

SHA512
0f311ca16afdb39913e0733eec0e164146a8f70fecb595b759baf9cfc9a5c13997795ae7e46374701c8c6f5b028776dc5c5c58d95b2f1924e11db7139fd6a92f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe

Filesize
468KB

MD5
ca971135608c96041694bbe29a39d02a

SHA1
27b04660b8744c54e5a78a9665a216804d4912ea

SHA256
056f81325b858ef0b966043923b4c8904ddfe3ee1fe31b412eca4f6c8ed41039

SHA512
1c05a724e4af58d1ed305ebfce81da403059da6d13c69e0dc6b5c668fc84ee9db8d89c75f218249091d221d05afdd7ef1a322baccdb0a3884c7902c7d9781e49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe

Filesize
468KB

MD5
66c9278745e0bfad4bb35afe8e7cdc9d

SHA1
ac457e1f04fa3ae20d4d822006df2130ab6056a4

SHA256
a5854a100407c6f54160e5321e136d28b1638e594acdbd391ba44420d4e4c54c

SHA512
58f44fe346df434de8775598bf70468f9060a9ebf8391a1c12503676a0114b8bfc27d29fd6f411bdcbec782bfbaeea9ea68588ec23cc45f0e1f69088e01473e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe

Filesize
468KB

MD5
517226ceb3b78894d5fdc7445e3857e1

SHA1
6a51b7e48e9469638f16739e52ff0ba59f7a88ac

SHA256
fee0ac62626610cdfa51a7e67872cd9a5a4dbb7a923b2116e9ed669e175afcdd

SHA512
d00f310eb2b8af800e70b7f114e9603281a34c8014c88e62c6344e59162f2b77c38c54ffca050513dc2c482c7241250b69e27a675b3bf848c72967d3a6887167

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe

Filesize
468KB

MD5
1b696cbaf2236b2283bca6f9f4bcd9cc

SHA1
37d149d73d8456ea6650a061c3fe55bdcebf6a0a

SHA256
8698bf6e6b1a85e42d28add3a3f9103ba45bc28395187eaf26ef356637e851ca

SHA512
309f61b41f189a15a8d86a449df75e85a85c97e0232899d17134f98ec49601ea8ed9e5b58a2dd2c3557aa619ae871866a386c704777fa56f182ce1b7917d35da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe

Filesize
468KB

MD5
ee114cae7f6ecf2643d409ea106f42a1

SHA1
d32b756a6408dff1cf6a4bcc0ebca3d345c537fa

SHA256
ea7f3ee839c8677bac1bf5e31bb90fac62e21ddfb706b67c708abdcdce852137

SHA512
dbcf9f116a6d79ea6ebb736a1d57874b545c131ea0f4e5379407cdfea9bb0a9ffdf5c6df6966a0cbc3f84cab5a73a136fccca668b828f3f8d65c12298d9b6899

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55352.exe

Filesize
468KB

MD5
67660e161296c386a62e1e7ecdc3e2e0

SHA1
795f8465e83795e664e4e63b58b3cd2d11ff10b8

SHA256
7373049deeb371dd409449d034f7560541528de79bb5c2b8cbe82d052e6cf14a

SHA512
8c2d6c4cc2a62ec321bc2da3ca2ed1afb95a8ecb4baf8085c2c5a527a36f0e698cdb953d1986724d1f2404ed968d79fe88569ae05b5664004fde5516e99ccfc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe

Filesize
468KB

MD5
721f5995aa116200fcc847a361681cda

SHA1
81d3416563f8bfca748b39c9d3f13ffb2df5376d

SHA256
801aea8e01312f87e844e7419ec453f56e37e8a416507d2a7ff0a2dd2c9b9e9e

SHA512
d1ddde2442c367f4d2ec6d097834e29129fd062517880939d84fa38c20417c721ddd7d9f9e1acaeed5ec54a4e9a3e2fee64acf0ef68858cdab6522315075efa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe

Filesize
468KB

MD5
40f66acc344051c3365309aa24b64c4b

SHA1
0a5d1db49d248f275c2268f62be90b8041d6e4de

SHA256
f7b03bff04adbc1f2951778e0bc1caee087373b526172a10d514331b5de31f27

SHA512
d0b6148f7e69336fc53bde727addbb694510c9b45c8a5d90f17930726413da1f03f09b8eae9169bec92976b84554bd43014da55e71cea24d45f67c236acb1d6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe

Filesize
468KB

MD5
894e61a55ab68e5c04d488b7c33070b6

SHA1
15c9b0249bba3df4066ac28d4ebb4682aab69c96

SHA256
d878631bf05001ea4e90de58df040bb070cc34092001cf28ceea24a0d3de8901

SHA512
5b5c3d590a32c0c31dbae59c05762f02991b3c68fd1955350bd071ffda1d9b0ef2e204bd8fd871932e2c4c004d3463894ac92a8d509a56ae60a55c871d61d094

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe

Filesize
468KB

MD5
3a87eb80f420d1aa5b11642e396dcf81

SHA1
d1bdc7e1f8671713a59723d1a18dcffdc027f469

SHA256
d204d0d8d141989cb5f759afc7f99769a9f95f08ee1aec64def7b981c2d3190a

SHA512
9eb87c56383ec29068d8b1e0dbf053440ecb493f9e4359cbc9ec513e135f359d13d84e94dd1d9b5eaf56f84a9bc87177a4c271e6ac80acc034d28d0e62b905da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe

Filesize
468KB

MD5
a78e85bf256f1d85bfd422d91d2f960b

SHA1
447361c935b744aa205034ed68a7c49f8fce038a

SHA256
96b3dd0766f4f3c82b1de82aa9ca691431c8f0ee4de40a34281312165d622b28

SHA512
f443a0a02119027e66941cdd9aaa632f8e6a80d10dbfda2c52b90957ce6f637e84602a7f75884730df71392c6e5f3866f9b2ed4882d1541659b4509e35f5458e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe

Filesize
468KB

MD5
35c36c771cf6e7f98165036d2131eeab

SHA1
6a9894d9d2a096b91d60875204a514cc0958eb60

SHA256
8eeb5cecd7c5233face1a4e2baf2ef0c3b048b43ad32cbd246da28472aaadab4

SHA512
a56bb3c38573a98a6e39f7673c684f88a6d3d22e827530e59a2400963558a8deb5d9e0a68d73039a67e0e02b938a7542e4460f3580ab1e911dbe4ca21dacc48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe

Filesize
468KB

MD5
1f3d517bd1a29494745e4eecda0793b3

SHA1
960507aba88027c3e061d6668979be49ebf34886

SHA256
1bc82a4abd2d584161217c400f2cb93aa55c576cdc92121d5957abe8a1b5f03f

SHA512
d69ca4109028ddb29de05d711e3b59cda2e62c01a48adcd113268b00891872c0b01e4d1f743686c13407722bdea4a4e5f3c3c5cda9b4e77ecb3922308e203d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe

Filesize
468KB

MD5
e9ce38be657320c413ed971ed21511cf

SHA1
e0aa118633786de8923ac54a7510796130237d38

SHA256
91fee08786fd1dfbcfb59247bda7fcd475fb846d5223a6c53a91b50a2b242256

SHA512
7a9f357b2d337a2e262694337bba8de108d9e961e9ab58d8d82c2b62f5505be7353e1e392d5bed99027c5d4975fa822f3f3b75e62e27aae94771d25ac345e6bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe

Filesize
468KB

MD5
19ad69621680bce0625478954c3df5ab

SHA1
97932905c02e3cb9e7740aabf3fa2feb0505ff7b

SHA256
dcd36bd4c6acae005419940dd3dadc1d9e39db58499fee0e164a13c20af3aeea

SHA512
d826a985793c3b2a7b817a98315ef4404d2a47c26a05a946cf66d2c61cd2731239381ee4809901519be544e2e537a70ad6ebbc33eba47bf3c2fa40f0f61a0f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65077.exe

Filesize
468KB

MD5
ebfda4b9be2e664c272c7e4e12f92778

SHA1
dd87ed7bedbe3fcfe03051c682ac51d090f002db

SHA256
52664483b351062191bbe860fc03223165e7beb511d962bd7913761bff9cefe4

SHA512
6a5afd36e8c733488ab3dc076acc8dc82fd5384963350a44464d739bc4a43a3de9627b36c01f86babfbb5d33718fd7dbd363158f609b5b7daa1a9ab924855fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe

Filesize
468KB

MD5
fcb62c89f68fbf253930e2d86dfa4717

SHA1
9ba77856f22319dbff6f096580f374f6aeee2494

SHA256
187f83507598fddbd8add24eb4c9703af055401f572f2caaeff03f463a531307

SHA512
602bf10736e851921f6e5fdb9d1b0d302177963c4159bb549b3ffbd0c500b62115025f2fba0b1fbefa17da7f8ca9700eee71dcec2579f57a5aaad12fa32ce3f9

Download Submit
memory/3060-2889-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads