07de78d12470df7202724b80fe5337391dd19f19f3c1eb93c161ee23ea9a1185

Analysis

max time kernel
114s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e46e3fc1e251b75fb09f7e5d61e4d940N.exe
Size

468KB
MD5

e46e3fc1e251b75fb09f7e5d61e4d940
SHA1

6e98e0829f8d65b92eb701f92a9a08c5c54f5d60
SHA256

07de78d12470df7202724b80fe5337391dd19f19f3c1eb93c161ee23ea9a1185
SHA512

c84b6d9042b240a125bbd73aaa2f18d298432e8f405cb24d7b9636608ed9f87aaa03d62264438fecf0b6f6c947f3810e17601dc64687741a8921d625aa999fb5
SSDEEP

3072:yu0VogkEIY5AtbY9zfjTff8wfxhiw6pp/EHCYV/hDWdL3AXuJRlH:yueotYAtSzrTffjy5+DWZQXuJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4876	Unicorn-41346.exe
3596	Unicorn-14677.exe
4072	Unicorn-2980.exe
1140	Unicorn-38746.exe
4056	Unicorn-27048.exe
3436	Unicorn-54890.exe
1164	Unicorn-44676.exe
688	Unicorn-36546.exe
4828	Unicorn-46560.exe
1668	Unicorn-60858.exe
2296	Unicorn-3489.exe
3632	Unicorn-56774.exe
2864	Unicorn-57521.exe
1336	Unicorn-49685.exe
804	Unicorn-3939.exe
2936	Unicorn-7137.exe
636	Unicorn-28112.exe
2276	Unicorn-55954.exe
2372	Unicorn-52425.exe
5048	Unicorn-39618.exe
4708	Unicorn-47594.exe
4900	Unicorn-43510.exe
3212	Unicorn-27728.exe
4532	Unicorn-55000.exe
2908	Unicorn-6561.exe
3624	Unicorn-26909.exe
4424	Unicorn-21043.exe
3836	Unicorn-7308.exe
912	Unicorn-42270.exe
1808	Unicorn-54257.exe
3544	Unicorn-30018.exe
1056	Unicorn-18128.exe
2100	Unicorn-13489.exe
1568	Unicorn-15527.exe
4732	Unicorn-42248.exe
1244	Unicorn-62114.exe
2332	Unicorn-4937.exe
1716	Unicorn-12211.exe
5088	Unicorn-35040.exe
772	Unicorn-5897.exe
4300	Unicorn-20187.exe
4428	Unicorn-39722.exe
2500	Unicorn-51974.exe
3224	Unicorn-32108.exe
1992	Unicorn-52721.exe
4260	Unicorn-11133.exe
3140	Unicorn-11688.exe
5080	Unicorn-35446.exe
4752	Unicorn-39530.exe
4508	Unicorn-55866.exe
3692	Unicorn-64034.exe
3256	Unicorn-15025.exe
3656	Unicorn-10676.exe
4244	Unicorn-14263.exe
1208	Unicorn-52529.exe
2632	Unicorn-8895.exe
2072	Unicorn-34484.exe
1364	Unicorn-52358.exe
1684	Unicorn-11517.exe
960	Unicorn-49021.exe
1700	Unicorn-29699.exe
832	Unicorn-64418.exe
4612	Unicorn-56250.exe
2772	Unicorn-52913.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
5724	3656	WerFault.exe	150
9064	1296	WerFault.exe	163
9256	1296	WerFault.exe	163
10296	6332	WerFault.exe	242
11412	6332	WerFault.exe	242

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26407.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17604	dwm.exe
Token: SeChangeNotifyPrivilege	17604	dwm.exe
Token: 33	17604	dwm.exe
Token: SeIncBasePriorityPrivilege	17604	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe
4876	Unicorn-41346.exe
3596	Unicorn-14677.exe
4072	Unicorn-2980.exe
4056	Unicorn-27048.exe
1140	Unicorn-38746.exe
1164	Unicorn-44676.exe
3436	Unicorn-54890.exe
688	Unicorn-36546.exe
1668	Unicorn-60858.exe
2296	Unicorn-3489.exe
4828	Unicorn-46560.exe
1336	Unicorn-49685.exe
3632	Unicorn-56774.exe
2864	Unicorn-57521.exe
804	Unicorn-3939.exe
2936	Unicorn-7137.exe
636	Unicorn-28112.exe
2276	Unicorn-55954.exe
2372	Unicorn-52425.exe
3212	Unicorn-27728.exe
5048	Unicorn-39618.exe
4900	Unicorn-43510.exe
4708	Unicorn-47594.exe
2908	Unicorn-6561.exe
4532	Unicorn-55000.exe
3624	Unicorn-26909.exe
4424	Unicorn-21043.exe
3836	Unicorn-7308.exe
912	Unicorn-42270.exe
1808	Unicorn-54257.exe
3544	Unicorn-30018.exe
1056	Unicorn-18128.exe
2100	Unicorn-13489.exe
1568	Unicorn-15527.exe
4732	Unicorn-42248.exe
1244	Unicorn-62114.exe
2332	Unicorn-4937.exe
1716	Unicorn-12211.exe
5088	Unicorn-35040.exe
772	Unicorn-5897.exe
4300	Unicorn-20187.exe
4428	Unicorn-39722.exe
3224	Unicorn-32108.exe
2500	Unicorn-51974.exe
1992	Unicorn-52721.exe
4260	Unicorn-11133.exe
3140	Unicorn-11688.exe
5080	Unicorn-35446.exe
4508	Unicorn-55866.exe
3692	Unicorn-64034.exe
4244	Unicorn-14263.exe
4752	Unicorn-39530.exe
3656	Unicorn-10676.exe
3256	Unicorn-15025.exe
2072	Unicorn-34484.exe
2632	Unicorn-8895.exe
1208	Unicorn-52529.exe
1364	Unicorn-52358.exe
1684	Unicorn-11517.exe
960	Unicorn-49021.exe
1700	Unicorn-29699.exe
1556	Unicorn-64418.exe
4412	Unicorn-48829.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 4876	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	90
PID 4928 wrote to memory of 4876	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	90
PID 4928 wrote to memory of 4876	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	90
PID 4876 wrote to memory of 3596	4876	Unicorn-41346.exe	94
PID 4876 wrote to memory of 3596	4876	Unicorn-41346.exe	94
PID 4876 wrote to memory of 3596	4876	Unicorn-41346.exe	94
PID 4928 wrote to memory of 4072	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	95
PID 4928 wrote to memory of 4072	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	95
PID 4928 wrote to memory of 4072	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	95
PID 3596 wrote to memory of 1140	3596	Unicorn-14677.exe	98
PID 3596 wrote to memory of 1140	3596	Unicorn-14677.exe	98
PID 3596 wrote to memory of 1140	3596	Unicorn-14677.exe	98
PID 4876 wrote to memory of 4056	4876	Unicorn-41346.exe	99
PID 4876 wrote to memory of 4056	4876	Unicorn-41346.exe	99
PID 4876 wrote to memory of 4056	4876	Unicorn-41346.exe	99
PID 4072 wrote to memory of 3436	4072	Unicorn-2980.exe	100
PID 4072 wrote to memory of 3436	4072	Unicorn-2980.exe	100
PID 4072 wrote to memory of 3436	4072	Unicorn-2980.exe	100
PID 4928 wrote to memory of 1164	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	101
PID 4928 wrote to memory of 1164	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	101
PID 4928 wrote to memory of 1164	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	101
PID 4056 wrote to memory of 688	4056	Unicorn-27048.exe	102
PID 4056 wrote to memory of 688	4056	Unicorn-27048.exe	102
PID 4056 wrote to memory of 688	4056	Unicorn-27048.exe	102
PID 4876 wrote to memory of 4828	4876	Unicorn-41346.exe	103
PID 4876 wrote to memory of 4828	4876	Unicorn-41346.exe	103
PID 4876 wrote to memory of 4828	4876	Unicorn-41346.exe	103
PID 1164 wrote to memory of 1668	1164	Unicorn-44676.exe	104
PID 1164 wrote to memory of 1668	1164	Unicorn-44676.exe	104
PID 1164 wrote to memory of 1668	1164	Unicorn-44676.exe	104
PID 3436 wrote to memory of 2296	3436	Unicorn-54890.exe	106
PID 3436 wrote to memory of 2296	3436	Unicorn-54890.exe	106
PID 3436 wrote to memory of 2296	3436	Unicorn-54890.exe	106
PID 1140 wrote to memory of 3632	1140	Unicorn-38746.exe	105
PID 1140 wrote to memory of 3632	1140	Unicorn-38746.exe	105
PID 1140 wrote to memory of 3632	1140	Unicorn-38746.exe	105
PID 4072 wrote to memory of 2864	4072	Unicorn-2980.exe	107
PID 4072 wrote to memory of 2864	4072	Unicorn-2980.exe	107
PID 4072 wrote to memory of 2864	4072	Unicorn-2980.exe	107
PID 4928 wrote to memory of 1336	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	108
PID 4928 wrote to memory of 1336	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	108
PID 4928 wrote to memory of 1336	4928	e46e3fc1e251b75fb09f7e5d61e4d940N.exe	108
PID 3596 wrote to memory of 804	3596	Unicorn-14677.exe	109
PID 3596 wrote to memory of 804	3596	Unicorn-14677.exe	109
PID 3596 wrote to memory of 804	3596	Unicorn-14677.exe	109
PID 688 wrote to memory of 2936	688	Unicorn-36546.exe	110
PID 688 wrote to memory of 2936	688	Unicorn-36546.exe	110
PID 688 wrote to memory of 2936	688	Unicorn-36546.exe	110
PID 4056 wrote to memory of 636	4056	Unicorn-27048.exe	111
PID 4056 wrote to memory of 636	4056	Unicorn-27048.exe	111
PID 4056 wrote to memory of 636	4056	Unicorn-27048.exe	111
PID 1668 wrote to memory of 2276	1668	Unicorn-60858.exe	112
PID 1668 wrote to memory of 2276	1668	Unicorn-60858.exe	112
PID 1668 wrote to memory of 2276	1668	Unicorn-60858.exe	112
PID 1164 wrote to memory of 2372	1164	Unicorn-44676.exe	113
PID 1164 wrote to memory of 2372	1164	Unicorn-44676.exe	113
PID 1164 wrote to memory of 2372	1164	Unicorn-44676.exe	113
PID 3632 wrote to memory of 5048	3632	Unicorn-56774.exe	114
PID 3632 wrote to memory of 5048	3632	Unicorn-56774.exe	114
PID 3632 wrote to memory of 5048	3632	Unicorn-56774.exe	114
PID 4828 wrote to memory of 4708	4828	Unicorn-46560.exe	116
PID 4828 wrote to memory of 4708	4828	Unicorn-46560.exe	116
PID 4828 wrote to memory of 4708	4828	Unicorn-46560.exe	116
PID 1336 wrote to memory of 4900	1336	Unicorn-49685.exe	117

C:\Users\Admin\AppData\Local\Temp\e46e3fc1e251b75fb09f7e5d61e4d940N.exe
"C:\Users\Admin\AppData\Local\Temp\e46e3fc1e251b75fb09f7e5d61e4d940N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
        9⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        10⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        9⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        9⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        9⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        9⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        8⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        8⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        8⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6217.exe
        9⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        9⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        9⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28328.exe
        8⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        8⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        8⤵
        
        PID:17708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        8⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3196.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        7⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        7⤵
        
        PID:17824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        7⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        9⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        8⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        8⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        8⤵
        
        PID:17612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        8⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        7⤵
        
        PID:18304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        7⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
        7⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        7⤵
        
        PID:17820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        6⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        9⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        9⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        9⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29845.exe
        9⤵
        
        PID:18408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61437.exe
        8⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        8⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        8⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        8⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        7⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
        7⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55964.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        8⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        8⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        8⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        7⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        7⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        7⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21583.exe
        6⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        7⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        8⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
        8⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        8⤵
        
        PID:18312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        8⤵
        
        PID:18132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        8⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        7⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52657.exe
        7⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        7⤵
        
        PID:18316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        7⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        7⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        7⤵
        
        PID:18372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        7⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39554.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        5⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        7⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        7⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        7⤵
        
        PID:17848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        6⤵
        
        PID:16940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        6⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        6⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        6⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
        5⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        5⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
        5⤵
        
        PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
        9⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        9⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        8⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        8⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        8⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        7⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26342.exe
        7⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
        8⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        7⤵
        
        PID:18220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12943.exe
        6⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50514.exe
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        7⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        6⤵
        
        PID:18096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        6⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        7⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        6⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        7⤵
        
        PID:17988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        7⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
        6⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        6⤵
        
        PID:16424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14328.exe
        6⤵
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        5⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        5⤵
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        8⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        8⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
        6⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        7⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        6⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7716.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        5⤵
        
        PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
      4⤵
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        6⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        7⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52028.exe
        7⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1996.exe
        7⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        6⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        5⤵
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        5⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        5⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        5⤵
        
        PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
      4⤵
      PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
      4⤵
      PID:15576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56250.exe
        7⤵
        Executes dropped EXE
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63562.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37390.exe
        10⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        10⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
        10⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        9⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
        9⤵
        
        PID:17792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27604.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20979.exe
        8⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        8⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        8⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        8⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
        6⤵
        Executes dropped EXE
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        8⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
        9⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30420.exe
        9⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        9⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        8⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        8⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        8⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
        7⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        7⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        7⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        6⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        8⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        8⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        8⤵
        
        PID:14208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39990.exe
        8⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        8⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        7⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        7⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        8⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
        6⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        8⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        8⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        7⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        7⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        5⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        5⤵
        
        PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        6⤵
        Executes dropped EXE
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        8⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        8⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        7⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        7⤵
        
        PID:16660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
        7⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27936.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        8⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        6⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        8⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        7⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        7⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        7⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        7⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
        6⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        6⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        6⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        6⤵
        
        PID:17724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        5⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        5⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        5⤵
        
        PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        5⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        7⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51916.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        6⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        6⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        5⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
      4⤵
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        7⤵
        
        PID:16028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 652
        6⤵
        Program crash
        
        PID:10296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 652
        6⤵
        Program crash
        
        PID:11412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 712
        5⤵
        Program crash
        
        PID:9064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 712
        5⤵
        Program crash
        
        PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43096.exe
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        5⤵
        
        PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
      4⤵
      PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29908.exe
      4⤵
      PID:8720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6141.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
        8⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        8⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
        8⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        7⤵
        
        PID:17572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        7⤵
        
        PID:17840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        7⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        6⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        7⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
        6⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16835.exe
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        6⤵
        
        PID:17776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        6⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25693.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        5⤵
        
        PID:15296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        6⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        6⤵
        
        PID:17824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        5⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        5⤵
        
        PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        6⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        5⤵
        
        PID:13636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        5⤵
        
        PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
      4⤵
      PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
      4⤵
      PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
      4⤵
      PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
      4⤵
      PID:5992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38814.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        7⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
        6⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15049.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        6⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        5⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        5⤵
        
        PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
      4⤵
      PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        5⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        5⤵
        
        PID:18208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44657.exe
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
      4⤵
      PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46634.exe
      4⤵
      PID:16900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
      4⤵
      PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        5⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        5⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        5⤵
        
        PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7184.exe
      4⤵
      PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
        5⤵
        
        PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
      4⤵
      PID:15320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45693.exe
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
      4⤵
      PID:13672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
      4⤵
      PID:17580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
      4⤵
      PID:18136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
    3⤵
    PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
      4⤵
      PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
      4⤵
      PID:15572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
    3⤵
    PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
      4⤵
      PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
      4⤵
      PID:9184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
    3⤵
    PID:12464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
    3⤵
    PID:4576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        8⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        9⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        9⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        9⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        8⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        8⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        8⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        8⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        8⤵
        
        PID:18396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        8⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        7⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
        7⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        7⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
        6⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        8⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        8⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28037.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
        7⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34645.exe
        7⤵
        
        PID:17856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        6⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        6⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        6⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        7⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        6⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        6⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22701.exe
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        6⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        5⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        5⤵
        
        PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        8⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        8⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        7⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
        7⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23520.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        6⤵
        
        PID:18004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
        6⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22352.exe
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        6⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39097.exe
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        5⤵
        
        PID:15496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        7⤵
        
        PID:17724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24376.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        5⤵
        
        PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2533.exe
        6⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        5⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
      4⤵
      PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
      4⤵
      PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
      4⤵
      PID:3504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
        5⤵
        
        PID:232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        7⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        6⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        7⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        7⤵
        
        PID:17684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        6⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
        5⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        6⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        6⤵
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46634.exe
        5⤵
        
        PID:16972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44821.exe
        5⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        5⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        5⤵
        
        PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        5⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32132.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        5⤵
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
      4⤵
      PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        5⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        5⤵
        
        PID:18020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
      4⤵
      PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
      4⤵
      PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
      4⤵
      PID:18024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        7⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        6⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        5⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30618.exe
        5⤵
        
        PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        5⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        5⤵
        
        PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
      4⤵
      PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
      4⤵
      PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 720
      4⤵
      Program crash
      PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
    3⤵
    PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
      4⤵
      PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
      4⤵
      PID:14528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
    3⤵
    PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
      4⤵
      PID:16740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30962.exe
    3⤵
    PID:10504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
    3⤵
    PID:15420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
    3⤵
    PID:7844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        6⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        8⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        8⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
        7⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        7⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12672.exe
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        7⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26771.exe
        7⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49981.exe
        5⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        7⤵
        
        PID:17976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        7⤵
        
        PID:17904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        6⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        6⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44657.exe
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        6⤵
        
        PID:18000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
        5⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        5⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        5⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        5⤵
        
        PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        8⤵
        
        PID:18168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        7⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        7⤵
        
        PID:18028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        7⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        6⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        5⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        5⤵
        
        PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
      4⤵
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        6⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        5⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        5⤵
        
        PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        5⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        5⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        5⤵
        
        PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
      4⤵
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4937.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        6⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        7⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        6⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        6⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18802.exe
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        6⤵
        
        PID:17864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
        5⤵
        
        PID:16372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49981.exe
      4⤵
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        5⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32914.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        7⤵
        
        PID:16744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        7⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        6⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
        6⤵
        
        PID:18076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        6⤵
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        5⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        5⤵
        
        PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        6⤵
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
        6⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36972.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3955.exe
      4⤵
      PID:11528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
      4⤵
      PID:15904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
      4⤵
      PID:7780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        5⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
        5⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
      4⤵
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        5⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
        5⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        5⤵
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
      4⤵
      PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22257.exe
      4⤵
      PID:18196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52861.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16791.exe
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
      4⤵
      PID:13760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
      4⤵
      PID:17604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
      4⤵
      PID:17932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
      4⤵
      PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51609.exe
      4⤵
      PID:17028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
    3⤵
    PID:9240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
    3⤵
    PID:12300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
    3⤵
    PID:17108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        6⤵
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
        6⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        6⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        5⤵
        
        PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        6⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        7⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        7⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        5⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56716.exe
      4⤵
      PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
      4⤵
      PID:5612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        5⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        5⤵
        
        PID:440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        5⤵
        
        PID:12696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-960.exe
        5⤵
        
        PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
      4⤵
      PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
      4⤵
      PID:17976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
      4⤵
      PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
      4⤵
      PID:18044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
      4⤵
      PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7072.exe
    3⤵
    PID:11768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        6⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        6⤵
        
        PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16268.exe
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        5⤵
        
        PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
      4⤵
      PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
      4⤵
      PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
      4⤵
      PID:18004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
      4⤵
      PID:7568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        5⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        5⤵
        
        PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
      4⤵
      PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      4⤵
      PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
    3⤵
    PID:8140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
    3⤵
    PID:9968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
    3⤵
    PID:6664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17524.exe
    3⤵
    PID:17920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34484.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34484.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
    3⤵
    PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
      4⤵
      PID:17068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
    3⤵
    PID:3196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
    3⤵
    PID:10136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
    3⤵
    PID:15104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
    3⤵
    PID:17548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
  2⤵
  PID:5528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
    3⤵
    PID:6484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
    3⤵
    PID:10124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27663.exe
    3⤵
    PID:14228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
    3⤵
    PID:18028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
  2⤵
  PID:7976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
    3⤵
    PID:13064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33056.exe
    3⤵
    PID:16488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
    3⤵
    PID:4408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57380.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57380.exe
  2⤵
  PID:10520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3408.exe
  2⤵
  PID:15452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
  2⤵
  PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3656 -ip 3656
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1296 -ip 1296
1⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1296 -ip 1296
1⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6332 -ip 6332
1⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6332 -ip 6332
1⤵
PID:13188

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14677.exe

Filesize
468KB

MD5
c276dcb994e490aec0051edcd0d78f95

SHA1
45d9f91a5680650b75ec3b1329970f5ca9880069

SHA256
18807c21e7a91680eb7612881c678dbd82ada5dec4f1fded28d407077d8d83ef

SHA512
801cc779d6a875197038e3e48d5df4c8e71859429a3f3073604be84c60390a7caf8bfa9212ca1e5ecd2af4315eec42fe9d60873e25273f46d70568ebd21816b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe

Filesize
468KB

MD5
b92793242bed53f0ec43cdb09ea7e77c

SHA1
3065a78b9715e2d473b5eca30f5ce34008da698b

SHA256
3272bd72ea36c5516fee6a6a142335ad293b8f566b653597f303827cb43a59e5

SHA512
503438cdc490b893006f34cc8c8a31ad3fcf2fac176a54649dffe31394af36178ccd0510e049aa9eb5d3b7b78d29a9cad9c92f58c0a3efcb9142048afbc1b090

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe

Filesize
468KB

MD5
a42f827c5bf54eaca675a9c32b1bab10

SHA1
a7a1de228f3f8c7fd98b9a9d2b3e22a0da7b1bd0

SHA256
6e1e53d6e6c9bed0fc9afeee1fedbd0a23f328adb630a3be6cd7e6af61143e58

SHA512
579f51c34729c5c2e2878540c8704339816395dead4808ab04d65b896d7d0e78aae9dc04aced8e3f2f72abcd27452d54639f6da65cc9f48936c6a5225ea8450d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe

Filesize
468KB

MD5
b74f7360f0e6d43cef1a05ed581c49fe

SHA1
74de5c82080720d9676176a13c1ebed1548182a1

SHA256
f174b7490a0898145e1bbc0ecceb7dd9c11c592124078414ac05d046198bbf40

SHA512
8726669d7441d416a337a6fb82f05d7912d44d03646e4bf8ceea5eea7f22f7292deeb9485c7cd14471ea1ef03e786ad0d2b30df6a68d5788a263d2d9342e65bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe

Filesize
468KB

MD5
285733bc48cdb1d862ecc0cfb4f4075d

SHA1
8c6725af80fe1292d7c673e76aff80808f80c3cc

SHA256
cc8857e0d8d1d990ca6f3f19e1353b738af7ff62c66c6104e8cda78e3ff2f1ff

SHA512
0f3f9c87fd906107d706bdacdb1ac7cbf700321d1b67de4ad79aea69f83b467ce4585916ed5f8784cc3c2df87958c94830c52aaa0bf41400bb05eda7589b9ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe

Filesize
468KB

MD5
7bc5480cec499c33e45f902a29690511

SHA1
bbaf2e72b83d2725f9ef016260b86505e54dcc6d

SHA256
e7b60f025f5b16106902dc9d0829d2b1a0c0a2c1014951351f9f46358af8b41a

SHA512
6f42be1be2991767752d1d9ea4caf0c7264226e2788297c77103f090460c25747c4cc24e05511048d981a9eec2f936aa9409b59f8f6ab01d14cd48ae0f5722a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe

Filesize
468KB

MD5
d5d20b07b9a7ecaa81d8ecd0ebddada5

SHA1
d7ad41c47e5151f0ba3df1945db39fe68d7f7016

SHA256
4aa4e1a3b598b3ccd9cb1fc2abd07e5e1b5efd5c2293535e6ddabe4d94b65ec1

SHA512
8847844026a388415ee758ffeccabae3e7b0191c3c9745d1acb9b37b69f650734d04eac67bd96342fe2feb74eb147a2a79b8c9f77c20f62edcd2468df020c069

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe

Filesize
468KB

MD5
8273cc270a9be16f778cc50d04310f3a

SHA1
84055f9fefbf8b2d3764c4af536a3f6e9c0b2f27

SHA256
ba9178badd7f43bad3b09f46873da32f2833f6f10f1c1101dfaa7512a54d39fc

SHA512
e4c7be92c56bb314e52c9b05f3e69942247c14d69e8ebfed8ff2c863533824a9503e381a18de61bedb0ce3f3d034062527a325e518ea52fee4b47e02ae8dc65a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe

Filesize
468KB

MD5
165d75aaf32e2b3a11299337e2f46190

SHA1
d047094eab2b29431b298787e1fac273c0c3e741

SHA256
55d344174cb03ac0e9fa6da1c63758c74b9577793887e536da5ffe1396926411

SHA512
0755543894c6208e1831b6c9ebf8e6f9903297197e97ad5c4dfe83ee08421ae1bb5a6f453e305e54977961fea9ef13483e476b004ef1d4f4843d85a75f75dc13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe

Filesize
468KB

MD5
a0469cbe38f07974812dbfbb0dd4f017

SHA1
c51ec3facc119fec56e7ba8ed83574b5f7d4f678

SHA256
c19cc401b78e155adace3288636dda9fce22dc18b1b1efd1e6e0e37ea13c5a9d

SHA512
208ab88c394fb1ab1e2734a18682115ff3eb3a7514075f3d2a540c90a9c50d7c18b9e8217f1dd2abe1842da7893cb8f0269d2ffaf81e6c3b9d3b0338dbb76d4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe

Filesize
468KB

MD5
ea98e3344a2f6b6513ccf86629db878e

SHA1
b7517c785258c69bc79275e053238d17692a2578

SHA256
5cefa699d21805a6470baf5504e2028f73442258a48b5fe0c56e168bdc6fed3a

SHA512
29d7cca7793e499bf2241a160ea0cf02de4e6eb85c7f5a72dd404ac008446047a6b72e42177a0fdcb8e165ad3bc0de64c7a3c23d5497e1ae3de432f37ba29d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe

Filesize
468KB

MD5
24befc6e696469f534ef843fd0d238da

SHA1
9de0a49ab0294b1fdcc2208f97b995fbb2a69d44

SHA256
fc94590e69b386d13a37575e4eb6bc1bc5b03ecde8f0b4a22738eb959872b0b3

SHA512
777994199c3fcd50b420cc2508e0333172d1a6bbbad5b195f8f73562f38f277da26a0655a580c9ecf4177b5c278c1bbcdad977a3e14f985feeafe7a1d12a10dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe

Filesize
468KB

MD5
d2cdd8cd6fda2302bc4d1bbce3d078c3

SHA1
a682c2d9415f5a91c4d0dd28b2b369427eabd77d

SHA256
33217e83d31a07c088054950e6309ab1143dc1d93795c794a723d17110f654b3

SHA512
0c9e99325fef5692ed22d0edc7542a53c038b18b36a059044f2afe379932d46223cb00f74c10cc612fb4e98e2d598cd2965a7268fa0059b7acaf4d65030c0b1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe

Filesize
468KB

MD5
b42e3a1003a5261e81fd73f2e2ac2a94

SHA1
bb9e89652302f8045f27a5baad093527f3a78256

SHA256
864c9f121ea56b49a30b5236ce3497384beb0bc5be82bd32246692f64c7b647f

SHA512
e0a04292c7fdf52529a91ce85b67dda913c48c097a0a0d5cf836caaa7e491aea2fc7be3c6a806a66d0e9633dbae6ca16c82e2eb8f19606849b02580fadd87a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42270.exe

Filesize
468KB

MD5
5cdaa473cbfb584c677606d706a80d3c

SHA1
c26293549bb8b66ae2a8c6214a5d8b8d61ef5e36

SHA256
12a3e1b7d649952cac7d4d97e90f0fa3896d853edcfd7b02d6677c00d7a949d0

SHA512
3621cc69599a7256183cb0bcf4d3f1160fd58687ac4ecc378b3288ccaffb34688d716c924a91f9cc1d1ed87a8dd5f20032b9cb8e2ed428e59dd4f0cad19bb313

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe

Filesize
468KB

MD5
be5042d7acb49a304325c0bf7e26f48b

SHA1
5408ac1cca573778669adccc34bccd669b26440b

SHA256
b758d7eb91164ff889b887619d13845560cb8a4dd7521077e74aaff5c08a3a46

SHA512
e2c34ca60077a270ba2907c5da2fb4a38b2b242ec2d15cf445a3af1f9c48391e98ba5bda32dc03e3b2fa57f9b51fbb835eb709705d24a1a2dcf8cc9f773ad75c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe

Filesize
468KB

MD5
8fc90f4a1c877b1f07eab514fe25227a

SHA1
67b10bdb7db155b988b380a710828f43949b6fe3

SHA256
5203fa44e90b391d76ba16e97273aaa216033983b770fe7e60be74ae004d0cd4

SHA512
53f87b213286fc90340797db3546f5063232f4209ca7d8f53589ff6a3e28d457c1651d2dc1a473fa15a803a3bc0d14a499c4f7a47d6d295f6c732ae159565e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe

Filesize
468KB

MD5
3e9b271db734ba2a3702da3545f4f177

SHA1
6e1b50b5e621b97d80df92bf37ff109547a998b9

SHA256
90e8ff3a3941b2cb803effe74ff71a2b4ff47f78dd2ed489835262727b372ad2

SHA512
a2f3ac6005a58192a37a01946ef38be85ace21c2bd44ba593286c7ccfb93c0ff69d13cb309e91be1e15e2ec1074d8586751a781df730784995f0fdf7bc80e3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44870.exe

Filesize
468KB

MD5
abd66bf515a3effbfe6c94e97868e0f5

SHA1
4e40d6aeaa23a397c2a8d57a735270cd22508f05

SHA256
5aac7e3838e27f2cc4040d088c05aaa3166de323577e41f262b84ea8a4f74563

SHA512
55ec21b226c026a260da5dd44183569bc0b47fc964e5750973d53cae094ff401ed7098f71f491d2ce0215e0aa8192baf8569d225c3c09415b5c8c0182fa631bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe

Filesize
468KB

MD5
d717f83d0b81cab3bad2d05812833396

SHA1
04cdec5c442266c75ad1ec428fd2f29cdb72fde2

SHA256
d623ec3a5e921feaf6596aa79d8a4c790d29a35d7fa06b9780f9f5b76c2d3341

SHA512
046fbf245950489deb6bb887f2a77b3b22909a6c598ed68c6dbc3d476d75d1b0f8de474fcb83ef6f2c8b84c9113bbdf3242e3ddcab64084cd83bf65731e44f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47594.exe

Filesize
468KB

MD5
75d83205ce7fc18fff31df4370adc390

SHA1
61652de8b72a50119f1180ef2a12b633a8fe01fd

SHA256
26c7e29a545d61c2500fa42f38404d6cd2741ee213e3ae77cf3a8e1446f251ca

SHA512
d3e157b4edb96a93956e94aad6e73a955ba74c620e52660ce903a18b38b4eefe9663213e99fe573e75006f96046bf5341ab8e780d6f21d22bf2cba96ea5c9493

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe

Filesize
468KB

MD5
dcc9e334a285e0e395880a52eb9d81fd

SHA1
805397abc54f0434b5291198d1df3eb22c9617c3

SHA256
93216732671c9803aa229123931e0c0495c2e65ef3b45ba8dcdab9565acc63c5

SHA512
b3a64f42c6844c9feb4243f6031770251db782814321a9ccb2a90bd2a9aa3d6d0d853f48774d9d8312110cd35ffcbffcc799c5bcca0b14e4b70e095de2ce51c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe

Filesize
468KB

MD5
2189556d5798133c32277c95672877b8

SHA1
65d48df1cfb264c776a2b96817f23098254fa913

SHA256
46b336f0e75465f522c23aa3da04d8d25a2168e817fdaddf19f489c79f1d1709

SHA512
92538ddf48b2d62e5f98febcd70ead879d9a1ded982573999b54bd68908ed73355e1294d87fc7450f5be43db6506541c074aa6d459cdbf83cda03806ed294adc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe

Filesize
468KB

MD5
74f4410d0967e60eade34e8f2fab5deb

SHA1
04936bafcb6e518c404667b37fb82c50c72a59f7

SHA256
9613f201e8fe840a9b677156d50426bb0d20cae5e05675f00d0901eeff1eb7a5

SHA512
332ee200154be71d15fb259638f22155ee804acb69166005d65a08464f1ad88a918787da024bf83fd0c029af810ea36df7837cce4be2f7f88757249a768b9b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe

Filesize
468KB

MD5
e6829e09554342d026c3f552526bb53d

SHA1
96051fc318e28ef0b3fa9ffee0f1dbd18533cb78

SHA256
c43bb668e26a17d15df34cc3389f950e5e1d38b17ad23348a17375b9b8f1c02b

SHA512
ed35f28073d56a1d919dd9909915e8408ce28f5d4a9de354a3a4de232ce9a82d820753ecb97abe70a889573ea6b94d14448e3bb5de2326a803d8a5ba398fbc0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe

Filesize
468KB

MD5
64f7fc7a3cd93b1772f70404e0129651

SHA1
358848becd296163167b2efae2948c32390ac6f8

SHA256
0cfe59dd8abfa3faf67b68fe56d9d3a2b6f7d4724faab55abec5fa7050e8d157

SHA512
36828dd78e94fab7875d079e59432313a421371e35520a2faf989fba654b9047b0bc57aab33fb8e7d99cc230b9422284a14bbe21de0745e5c4ba58c645345a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe

Filesize
468KB

MD5
3f22e37cbde486889c9dbb98f7993212

SHA1
d62b1aff624878418c9a5f08aa0d70765c6d81ff

SHA256
e5499c60e45131cd6a71d2f7ebbfcb5b916459c08e3f77bef7fd40d0240a15a5

SHA512
b6ecc2234fbdb2245f89feac3f08d65c5fea9384b151250024317ee5f8ecac681071224e288837d7155171823d085643a28dc9b218e184de881d18625355212f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe

Filesize
468KB

MD5
0788ba519818d424edfe8fedae0dbafa

SHA1
8df757b91c046f8879f62cbda6e3a06b6d609d65

SHA256
2433bb011a271cbfbabdda41c8b1a9d21b292091de9aaf91e7ccb036ee4df5cb

SHA512
2be5ab4695af83ad6544940479a9138de146d04c28faa25e7b6175dfb39cc045abca4634559517f6721a89856ad85d7a53c1dc44219bda0a2b3abd2f3cfa888e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe

Filesize
468KB

MD5
b3352b343480aaacb5054965e3f77405

SHA1
c6cf038770ce8e4a95f000de1f19447c631122d7

SHA256
5c6d4b134a4207f29d2951b225d818dde150bf92118a332e2aafd3ac9f79f716

SHA512
ac8c2d7475ba439f52c4478c2a0bea92f634ac40f8ab62135e77ba73a1e6f92bb81d9c12c073000c94272579b9f838b487e4f367c28e99632ebab3f0b272e1ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe

Filesize
468KB

MD5
8ae280467d1d5fe0878d50f04053a69a

SHA1
42a1c1c1abe38dcbd8652683b4960edbdc5f75c8

SHA256
fb1e4af66d8cf9a8ea58c5bf5aa89d4f0905dc5f0b16f89167d6a0349ac6d6d2

SHA512
c04cff12f8e8ad21d621ca4f64df7ad991638502a7204b49540bba0bb83c81333668455216eba38e52b64d74749b432bce70646b6cc6e90d66aaca046c467c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe

Filesize
468KB

MD5
72d3418c56fe33dc0d56de5173cf49ae

SHA1
08d8f0f94131b8eee35c7844633ff0b306e17926

SHA256
c8691947e21a6a7d0292651ca9b42544f166cd22057def9149655f59fce35175

SHA512
119e903f13447d347f18bd1f156a03271519e3e406e21c1498d09065cd560f050bd3dddb395260229f1d352cd3fb785d6171d86d76bb710c9c594a341423fed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe

Filesize
468KB

MD5
956acba8603b7c223bc12c38c6d807fb

SHA1
f4bc81acd67ce2cc38c34957496b668d438a291d

SHA256
676c4eb2e1c380dabb5ea175f681820df952f902f632a967f4fe0d7b49c3cb88

SHA512
4dc7f7a88d75834db174dc893365685ba95c54e53a67287acea217b8107f30c78adfeeb37e57776a40277a214750904b8afcf0aa5d7a3ef59df5b2bb16355419

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe

Filesize
468KB

MD5
b619dca6983f0c68e397821723d63068

SHA1
6d3cb8d48593bbabe140f03e2d8f2e2332b33238

SHA256
c3a48350b61aa9a100c5f8c728d7b2cae07cd3aca465678443e91971be27ec8f

SHA512
a987eb618d4b884f6092e66abd35976c44b44dde3da1be71b174b4a60d7167ad0a2174ff7b0b842e391765f1394c1aa914c616e7c270c8d548812484b3a7c251

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads