11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462

Analysis

max time kernel
120s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe
Size

468KB
MD5

8ed65d173ead35b93cde2ac893a9f730
SHA1

506c8cee75e3d097e6fd23c2b6d563c757bf2971
SHA256

11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462
SHA512

5d5fd174d33bea04023f8cf2bf06c8a73419b39fe30e07077ffcf56ffbdc2701febc9eb588dd91bb151c01cf442908c8eadfbe1cd018cfde36448276b97a49e9
SSDEEP

3072:X/0bogCdj08G2bY9Pzh1ff8l5CyAXiphn6HXvVp0YOv3WC//k5lv:X/8oh5G2+PN1ffBqKcYOPd//k

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3948	Unicorn-23716.exe
4636	Unicorn-11043.exe
920	Unicorn-56139.exe
380	Unicorn-6819.exe
3692	Unicorn-42698.exe
4132	Unicorn-62564.exe
1980	Unicorn-23953.exe
4228	Unicorn-9715.exe
4928	Unicorn-54811.exe
2012	Unicorn-44692.exe
1496	Unicorn-11827.exe
3888	Unicorn-28548.exe
5052	Unicorn-8682.exe
1836	Unicorn-28283.exe
1052	Unicorn-55090.exe
2856	Unicorn-14723.exe
344	Unicorn-60011.exe
1136	Unicorn-46436.exe
1944	Unicorn-56258.exe
3576	Unicorn-32404.exe
1972	Unicorn-16068.exe
1056	Unicorn-15994.exe
3840	Unicorn-61931.exe
824	Unicorn-32020.exe
1576	Unicorn-32020.exe
4904	Unicorn-32020.exe
3808	Unicorn-23281.exe
1112	Unicorn-12346.exe
2412	Unicorn-42418.exe
2032	Unicorn-44059.exe
4824	Unicorn-49812.exe
2884	Unicorn-45899.exe
1852	Unicorn-65380.exe
2388	Unicorn-58866.exe
2580	Unicorn-35396.exe
4596	Unicorn-35588.exe
424	Unicorn-25723.exe
2192	Unicorn-9459.exe
4700	Unicorn-54747.exe
3512	Unicorn-58011.exe
4520	Unicorn-58276.exe
792	Unicorn-58276.exe
4436	Unicorn-19089.exe
2084	Unicorn-38026.exe
3896	Unicorn-43860.exe
3152	Unicorn-43860.exe
2748	Unicorn-60196.exe
3248	Unicorn-60196.exe
3792	Unicorn-10419.exe
2892	Unicorn-23034.exe
4728	Unicorn-42900.exe
2272	Unicorn-42900.exe
2596	Unicorn-33969.exe
2124	Unicorn-59236.exe
2116	Unicorn-6890.exe
4040	Unicorn-1290.exe
2240	Unicorn-52884.exe
1536	Unicorn-39562.exe
1452	Unicorn-53298.exe
2016	Unicorn-3521.exe
1796	Unicorn-13491.exe
4476	Unicorn-26682.exe
4468	Unicorn-45780.exe
2988	Unicorn-55986.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2652	3888	WerFault.exe	100
7476	5848	WerFault.exe	232
15632	13612	WerFault.exe	647

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-67.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17309.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15956	dwm.exe
Token: SeChangeNotifyPrivilege	15956	dwm.exe
Token: 33	15956	dwm.exe
Token: SeIncBasePriorityPrivilege	15956	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe
3948	Unicorn-23716.exe
4636	Unicorn-11043.exe
920	Unicorn-56139.exe
380	Unicorn-6819.exe
3692	Unicorn-42698.exe
4132	Unicorn-62564.exe
1980	Unicorn-23953.exe
4228	Unicorn-9715.exe
4928	Unicorn-54811.exe
2012	Unicorn-44692.exe
1496	Unicorn-11827.exe
1836	Unicorn-28283.exe
1052	Unicorn-55090.exe
3888	Unicorn-28548.exe
5052	Unicorn-8682.exe
2856	Unicorn-14723.exe
344	Unicorn-60011.exe
1136	Unicorn-46436.exe
1944	Unicorn-56258.exe
3576	Unicorn-32404.exe
1056	Unicorn-15994.exe
1972	Unicorn-16068.exe
2412	Unicorn-42418.exe
1576	Unicorn-32020.exe
824	Unicorn-32020.exe
3840	Unicorn-61931.exe
2032	Unicorn-44059.exe
1112	Unicorn-12346.exe
4904	Unicorn-32020.exe
3808	Unicorn-23281.exe
4824	Unicorn-49812.exe
2884	Unicorn-45899.exe
1852	Unicorn-65380.exe
2388	Unicorn-58866.exe
2580	Unicorn-35396.exe
4596	Unicorn-35588.exe
424	Unicorn-25723.exe
2192	Unicorn-9459.exe
2084	Unicorn-38026.exe
4700	Unicorn-54747.exe
4520	Unicorn-58276.exe
792	Unicorn-58276.exe
3512	Unicorn-58011.exe
4436	Unicorn-19089.exe
3152	Unicorn-43860.exe
2748	Unicorn-60196.exe
1536	Unicorn-39562.exe
2240	Unicorn-52884.exe
2124	Unicorn-59236.exe
3896	Unicorn-43860.exe
3792	Unicorn-10419.exe
4040	Unicorn-1290.exe
1452	Unicorn-53298.exe
3248	Unicorn-60196.exe
2892	Unicorn-23034.exe
2272	Unicorn-42900.exe
2596	Unicorn-33969.exe
4728	Unicorn-42900.exe
2116	Unicorn-6890.exe
2016	Unicorn-3521.exe
1796	Unicorn-13491.exe
4468	Unicorn-45780.exe
4476	Unicorn-26682.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 3948	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	84
PID 2320 wrote to memory of 3948	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	84
PID 2320 wrote to memory of 3948	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	84
PID 3948 wrote to memory of 4636	3948	Unicorn-23716.exe	87
PID 3948 wrote to memory of 4636	3948	Unicorn-23716.exe	87
PID 3948 wrote to memory of 4636	3948	Unicorn-23716.exe	87
PID 2320 wrote to memory of 920	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	88
PID 2320 wrote to memory of 920	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	88
PID 2320 wrote to memory of 920	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	88
PID 4636 wrote to memory of 380	4636	Unicorn-11043.exe	90
PID 4636 wrote to memory of 380	4636	Unicorn-11043.exe	90
PID 4636 wrote to memory of 380	4636	Unicorn-11043.exe	90
PID 3948 wrote to memory of 3692	3948	Unicorn-23716.exe	91
PID 3948 wrote to memory of 3692	3948	Unicorn-23716.exe	91
PID 3948 wrote to memory of 3692	3948	Unicorn-23716.exe	91
PID 920 wrote to memory of 4132	920	Unicorn-56139.exe	92
PID 920 wrote to memory of 4132	920	Unicorn-56139.exe	92
PID 920 wrote to memory of 4132	920	Unicorn-56139.exe	92
PID 2320 wrote to memory of 1980	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	93
PID 2320 wrote to memory of 1980	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	93
PID 2320 wrote to memory of 1980	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	93
PID 380 wrote to memory of 4228	380	Unicorn-6819.exe	96
PID 380 wrote to memory of 4228	380	Unicorn-6819.exe	96
PID 380 wrote to memory of 4228	380	Unicorn-6819.exe	96
PID 4636 wrote to memory of 4928	4636	Unicorn-11043.exe	97
PID 4636 wrote to memory of 4928	4636	Unicorn-11043.exe	97
PID 4636 wrote to memory of 4928	4636	Unicorn-11043.exe	97
PID 4132 wrote to memory of 2012	4132	Unicorn-62564.exe	98
PID 4132 wrote to memory of 2012	4132	Unicorn-62564.exe	98
PID 4132 wrote to memory of 2012	4132	Unicorn-62564.exe	98
PID 1980 wrote to memory of 1496	1980	Unicorn-23953.exe	99
PID 1980 wrote to memory of 1496	1980	Unicorn-23953.exe	99
PID 1980 wrote to memory of 1496	1980	Unicorn-23953.exe	99
PID 3692 wrote to memory of 3888	3692	Unicorn-42698.exe	100
PID 3692 wrote to memory of 3888	3692	Unicorn-42698.exe	100
PID 3692 wrote to memory of 3888	3692	Unicorn-42698.exe	100
PID 920 wrote to memory of 5052	920	Unicorn-56139.exe	101
PID 920 wrote to memory of 5052	920	Unicorn-56139.exe	101
PID 920 wrote to memory of 5052	920	Unicorn-56139.exe	101
PID 3948 wrote to memory of 1052	3948	Unicorn-23716.exe	103
PID 3948 wrote to memory of 1052	3948	Unicorn-23716.exe	103
PID 3948 wrote to memory of 1052	3948	Unicorn-23716.exe	103
PID 2320 wrote to memory of 1836	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	102
PID 2320 wrote to memory of 1836	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	102
PID 2320 wrote to memory of 1836	2320	11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe	102
PID 4228 wrote to memory of 2856	4228	Unicorn-9715.exe	107
PID 4228 wrote to memory of 2856	4228	Unicorn-9715.exe	107
PID 4228 wrote to memory of 2856	4228	Unicorn-9715.exe	107
PID 380 wrote to memory of 344	380	Unicorn-6819.exe	108
PID 380 wrote to memory of 344	380	Unicorn-6819.exe	108
PID 380 wrote to memory of 344	380	Unicorn-6819.exe	108
PID 4928 wrote to memory of 1136	4928	Unicorn-54811.exe	109
PID 4928 wrote to memory of 1136	4928	Unicorn-54811.exe	109
PID 4928 wrote to memory of 1136	4928	Unicorn-54811.exe	109
PID 4636 wrote to memory of 1944	4636	Unicorn-11043.exe	110
PID 4636 wrote to memory of 1944	4636	Unicorn-11043.exe	110
PID 4636 wrote to memory of 1944	4636	Unicorn-11043.exe	110
PID 1052 wrote to memory of 3576	1052	Unicorn-55090.exe	111
PID 1052 wrote to memory of 3576	1052	Unicorn-55090.exe	111
PID 1052 wrote to memory of 3576	1052	Unicorn-55090.exe	111
PID 2012 wrote to memory of 1972	2012	Unicorn-44692.exe	112
PID 2012 wrote to memory of 1972	2012	Unicorn-44692.exe	112
PID 2012 wrote to memory of 1972	2012	Unicorn-44692.exe	112
PID 3948 wrote to memory of 1056	3948	Unicorn-23716.exe	113

C:\Users\Admin\AppData\Local\Temp\11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe
"C:\Users\Admin\AppData\Local\Temp\11e860795c66ab324bf5d6d90d5109469b1f38ef855cc031bf71c439107bc462N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        10⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        11⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        11⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        11⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        10⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        10⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        9⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        9⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        9⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
        9⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
        9⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        10⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        10⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        9⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        9⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        9⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        8⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        9⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        9⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        9⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        8⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        8⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        7⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        8⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        10⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        10⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        9⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        8⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        8⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
        8⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
        7⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        7⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        6⤵
        Executes dropped EXE
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        8⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        8⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
        7⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
        6⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        8⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        7⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        6⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52941.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        10⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        10⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        9⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        9⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        8⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        8⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        8⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        9⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        8⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        7⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48411.exe
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        9⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35693.exe
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        8⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
        8⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
        8⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        7⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        7⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        8⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        8⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        7⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        6⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        6⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        8⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        9⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        9⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        9⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        8⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19845.exe
        8⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        7⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        7⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        7⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
        8⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        7⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        6⤵
        
        PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        7⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
        6⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        7⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        6⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55150.exe
        5⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        6⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        6⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        5⤵
        
        PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        9⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        9⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
        8⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14124.exe
        8⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29210.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        8⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        8⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        8⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        7⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26500.exe
        7⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        6⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20967.exe
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe
        8⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        8⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        8⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25465.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        7⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        8⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
        8⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42813.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        7⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        7⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        6⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        6⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        8⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        8⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        8⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        8⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        7⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        7⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        7⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        7⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        6⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        6⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        6⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
        6⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        5⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        5⤵
        
        PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        6⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        9⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        9⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        9⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        8⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        8⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6773.exe
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        7⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        7⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24010.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6057.exe
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        8⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        7⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
        7⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        7⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        6⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        6⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
        5⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40420.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        8⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        7⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        7⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        6⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        7⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        6⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        6⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        6⤵
        
        PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
        5⤵
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        5⤵
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        5⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        7⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        6⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        7⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        7⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        6⤵
        
        PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        6⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
        5⤵
        
        PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
      4⤵
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        7⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        7⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12445.exe
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
        6⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        6⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
        6⤵
        
        PID:520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        5⤵
        
        PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
      4⤵
      PID:5848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 488
        5⤵
        Program crash
        
        PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28574.exe
      4⤵
      PID:7844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 452
        5⤵
        Program crash
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        6⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        8⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        8⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21165.exe
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        7⤵
        
        PID:15684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        7⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        7⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27636.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20162.exe
        6⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        7⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        7⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        6⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
        6⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        5⤵
        
        PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        7⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        6⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15212.exe
        6⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
        5⤵
        
        PID:13612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13612 -s 464
        6⤵
        Program crash
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        5⤵
        
        PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        5⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
        6⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        5⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        5⤵
        
        PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
      4⤵
      PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
      4⤵
      PID:12340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
      4⤵
      PID:8076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        6⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        8⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        9⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        9⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        9⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
        8⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17828.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
        7⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12106.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        6⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        7⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        6⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
        5⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        5⤵
        
        PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        7⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        7⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        6⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        7⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        7⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        5⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        5⤵
        
        PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        6⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
      4⤵
      PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
        5⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21765.exe
        5⤵
        
        PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-733.exe
      4⤵
      PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
      4⤵
      PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
      4⤵
      PID:10144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        7⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        6⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        5⤵
        
        PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4602.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        6⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        5⤵
        
        PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
      4⤵
      PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        5⤵
        
        PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
      4⤵
      PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
      4⤵
      PID:12436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
        6⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        5⤵
        
        PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        5⤵
        
        PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
      4⤵
      PID:9384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
      4⤵
      PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
      4⤵
      PID:9260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
    3⤵
    PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
      4⤵
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
      4⤵
      PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
      4⤵
      PID:14948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
      4⤵
      PID:11592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
    3⤵
    PID:6620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
    3⤵
    PID:12324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
    3⤵
    PID:9668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56139.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56139.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        9⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        8⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        8⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        7⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        6⤵
        
        PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        6⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        8⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        8⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        7⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
        6⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        7⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        6⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        5⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        5⤵
        
        PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        6⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        7⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        7⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
        6⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        7⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        6⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
        6⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        7⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        7⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        6⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57811.exe
        6⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63333.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        6⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        5⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
        5⤵
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        7⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        7⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        6⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        5⤵
        
        PID:10696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24203.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
        5⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54522.exe
        5⤵
        
        PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
      4⤵
      PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11765.exe
        5⤵
        
        PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
      4⤵
      PID:12348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
      4⤵
      PID:7532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exe
        8⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        7⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        7⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        7⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29892.exe
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        7⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        6⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        6⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        7⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        7⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40821.exe
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
        6⤵
        
        PID:472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30012.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
      4⤵
      PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        5⤵
        
        PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
      4⤵
      PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
      4⤵
      PID:8824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        5⤵
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        8⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        8⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        7⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17693.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        6⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        5⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7766.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        7⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        7⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63477.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        6⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        6⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        5⤵
        
        PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        6⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        5⤵
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        5⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
        6⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        5⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        5⤵
        
        PID:10568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
      4⤵
      PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        5⤵
        
        PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
      4⤵
      PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
      4⤵
      PID:16120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
      4⤵
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-67.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        6⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        5⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        6⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39029.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        5⤵
        
        PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
      4⤵
      PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      4⤵
      PID:10496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
      4⤵
      PID:3388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        5⤵
        
        PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
      4⤵
      PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
      4⤵
      PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
      4⤵
      PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26317.exe
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9426.exe
      4⤵
      PID:16100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
    3⤵
    PID:9808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
    3⤵
    PID:11380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        6⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49076.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        8⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6333.exe
        8⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        8⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
        7⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        7⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        7⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        7⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        7⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
        6⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15621.exe
        7⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        6⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2413.exe
        7⤵
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        7⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        6⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        6⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        6⤵
        
        PID:15140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        5⤵
        
        PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33975.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13733.exe
        7⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        6⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        7⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        7⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        6⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2490.exe
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        6⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
        6⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        5⤵
        
        PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        6⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        5⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        5⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        5⤵
        
        PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
      4⤵
      PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21687.exe
        5⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        5⤵
        
        PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
      4⤵
      PID:11352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
      4⤵
      PID:15528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
        6⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54167.exe
        8⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        8⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        7⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        7⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        6⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17053.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        5⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
        5⤵
        
        PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        5⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        6⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        5⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        5⤵
        
        PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
      4⤵
      PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        5⤵
        
        PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11885.exe
      4⤵
      PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
      4⤵
      PID:15968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
      4⤵
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        5⤵
        
        PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
      4⤵
      PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
      4⤵
      PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29309.exe
      4⤵
      PID:15536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
    3⤵
    PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        5⤵
        
        PID:9312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
      4⤵
      PID:14656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
      4⤵
      PID:9088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
    3⤵
    PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
      4⤵
      PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
      4⤵
      PID:8284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
    3⤵
    PID:8692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        7⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        7⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
        6⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        6⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
        5⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
        5⤵
        
        PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        6⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        5⤵
        
        PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        5⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        5⤵
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
      4⤵
      PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50596.exe
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
        6⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
        6⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        5⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
        5⤵
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        5⤵
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
      4⤵
      PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
    3⤵
    PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
      4⤵
      PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
      4⤵
      PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
    3⤵
    PID:7396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50596.exe
      4⤵
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
        5⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58199.exe
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53861.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        5⤵
        
        PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        5⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        5⤵
        
        PID:11764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19093.exe
      4⤵
      PID:16192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
    3⤵
    PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
      4⤵
      PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
      4⤵
      PID:7408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
    3⤵
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
      4⤵
      PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
    3⤵
    PID:10768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65521.exe
    3⤵
    PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
    3⤵
    PID:5260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
    3⤵
    PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
        6⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34941.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        5⤵
        
        PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
      4⤵
      PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        5⤵
        
        PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
      4⤵
      PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
    3⤵
    PID:9156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
    3⤵
    PID:13932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
    3⤵
    PID:16352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64116.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64116.exe
  2⤵
  PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
    3⤵
    PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
      4⤵
      PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
      4⤵
      PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
    3⤵
    PID:9768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
    3⤵
    PID:14532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
    3⤵
    PID:10164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
  2⤵
  PID:6676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
    3⤵
    PID:11236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16348.exe
    3⤵
    PID:2484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
  2⤵
  PID:9392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
  2⤵
  PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3888 -ip 3888
1⤵
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5848 -ip 5848
1⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 12912 -ip 12912
1⤵
PID:15608

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe

Filesize
468KB

MD5
dd0e3039fb9dd23e9e09df52a3815046

SHA1
948584d8df7f1bd9a0e3a3ac55298b145fa8c342

SHA256
35af15d1281483235e2039ac717986f1a3d060fcd2582a8bdf9141ce3dc10d38

SHA512
ea81e6fb8f002512666611020499eb177237285307d78742d1df4c26dfae6b33ac484c3be3feea3da94e767c8ef0d26ad8af5de98f30234f4d7d5b7bf8849ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe

Filesize
468KB

MD5
5a8380dfa0e3cc68a779258175360e5b

SHA1
d50cd3a1035a7ebaac688aceba8a658a57367a6f

SHA256
63c8a55563ff633ebad82fcb0fb10c5e5661cbca46d1ada421dad7b194ab1d5c

SHA512
80877378b175ce3c24a13b5c9c09e29161970496bfae4d9f21e9b81cd5ca277d3d227c7c74f75cee783a92ed7b9aa485f44e383acf010ae6260953f0d6b1ae27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe

Filesize
468KB

MD5
1dc422ea88844033e60c25d648bfdb0e

SHA1
5db01e06618194a0257c894742473124161df580

SHA256
4681daa74265da50340daee5f9b59d8943fdb98da2450985970195df5fe6493e

SHA512
05a657eca587ea0752cc2a30c4e94ce563e50643079abb0b1d905ddb877172c259905fe0d46c88440f475fd860950571282c59ed3da73e2c0b4fd7c0ba1e59ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe

Filesize
468KB

MD5
2bf46b5795837ebc9b357a4aa689002c

SHA1
ca293ce6716a53df90bd3758bd0624ce3259386e

SHA256
88533cbb7ac07f3fcc82872f333f3be148ddcd7dcf3b0233d9d96d4835d88d11

SHA512
0e2f0cade5ba3b25065acc6e88c5ba6ded38bb172c0c59377862f3145dbde2761ad781931b0f5d0a4f66480b8758da60bbc2233fda8ed47644e216c238f5611b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15994.exe

Filesize
468KB

MD5
d71032b3c094deac026f53e8fd17a7ff

SHA1
946dfbf8f784bee86b6d284c5ffea3ed355f9580

SHA256
f4e50aa7a2f50bd50cbe514d7fb02a2b0fd0402bbbd1746996b3c0ad20f4f5be

SHA512
6a11ff8e0aa517c29b5548cb88c9eef4dea2b2c852c112789e729ca5d0f829effc499b0ac4bdf74195a8cfc2bbfe2976e38b3e1fbcbed4ed34fd098b60b126af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe

Filesize
468KB

MD5
a7391ae850435ab7df52bd9b1c86807a

SHA1
c3a9eda200549e3731184a450995af7b8918fc77

SHA256
b2552abf46d0bf5bb9b6f22332f2d30529ef5615d072671a893466b1bbdf1217

SHA512
cfcee9342d2e7e3a35f0fdad126546e4343a23f7a46def4b80c53066acb132123cc9104f803c709d4a17501d820979a009c3b2ec6dfbe2921d8a1e88ea4a5cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe

Filesize
468KB

MD5
d66169313244502af1838f05b92d9500

SHA1
c956f4aeaa7b15df148d3bf85a41504ae055af45

SHA256
b67c14cb4050f1ebbb81016d3726ca6715c454da716cd6146186d2ef0351a843

SHA512
b633511a05b193641efb8267a3594b314b362152bb5869a0237c00846d20b18fef5d374f1e6606c2d63cb48a9e084cff76d876ce55863bee1d3047b274c4d57f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe

Filesize
468KB

MD5
4c530a73e34bef9ffd1c014187e49255

SHA1
608942ed34dd4a370c0f2f25e822b40225bd87b6

SHA256
cfdfa1324ca681758394793353509fe41e2146794141c9c44f5f5ff39334f990

SHA512
9a33b50b066275c5ef1fd01d742e2730883579c87f93ce4c66598e03aa26f2a5670fe858fbd5bb8f3f81beea415a8a369f9777be656a5282d1d6d37cfb3b8041

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe

Filesize
468KB

MD5
fcf99df614a0cb432e4c9492d5061a83

SHA1
ec1dd3911563f0ac661dbffc68a5274bf6a566ed

SHA256
70b0fa1d5e874e659eef4b0a556be311bf2269d221e0c1c438cb9242d37ce4c2

SHA512
6ed2826c3857458ebd17ca813ea859372dc54acdd3b781cd0b0eaa7957823e2abd4a9167849c954d504fb6b4015b07078c517ae81d48d95c18c8c81e848502f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe

Filesize
468KB

MD5
7c80e73d14a1b35915c3ef59e5dcdb4d

SHA1
74fe7f20edb028e3557486023f0e4d5fd1c65334

SHA256
832e3f2decea6a8464ecbc5ead1847523fa6c2a277beac183ea7a3360f173903

SHA512
8f20d22032d67696899e212bf118671b108af0dcbc3c203c8df9028182e4cf42898e416500088f18ae18cfefdc51969ace1f8e60332843c59396af8a0ec298fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe

Filesize
468KB

MD5
6638620d67e83dd6ef66baa9aa57950a

SHA1
1f748078bc3876b6a9432d6913491b7f36e612eb

SHA256
d973707481a4ac8af3c4572768057c8bf29bd98d72e8b9d3418a2cc8ab37fde4

SHA512
7579f23f38c6f03e89dc2844ed772664d54d491b8419a6777d879be2e64c6648d2868055fed53596c3ae37c91d9bbc20b4231e8e26033622700ab3117cd07d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe

Filesize
468KB

MD5
90c303aa76d0e0f52cb9c4a249e3a434

SHA1
f559b6ddcd4e9b2f917b4b0408b14aafe49cb7b3

SHA256
d8559085ec712c624bc6f3cfc5dcddcd943bbbc7f3162b42f6b0d94b9558d584

SHA512
a2c26b48e28fcdfb99e289a45b7996343d5e100f287412709d1bb900aed308d005e908447361daa52308ebd3a1d97ec8e31433740fa65c0017b5cdac95c86936

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe

Filesize
468KB

MD5
56c7f8e5aae917a6520706f258d9287e

SHA1
b95a07290052f408cce77f5780728d5cf142b600

SHA256
b6e228918580877d4bf939655f97ad627a0df38edd1eac9da7ba7ce9caa17296

SHA512
38f43734f9cf25cd814f42a9a0faea9df8cfa96f27dbe1462cf9c1811c33ae5c053d732da6ff3b522b48a30b91b50988e107a9bd33fcd95b0d520f7b09eb847d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe

Filesize
468KB

MD5
b73237ece5d9164db5c3f59b234d37eb

SHA1
4fd620ee95a61e01865ef9a4d94f786a58e558dd

SHA256
718776823f12228f1cac1b6f62d52883f6c822fb966d6d38f96087b3cbf9de00

SHA512
beb23b6ff368510673a654c2abd8f2a827b6f91e3e6a7a4fc6bd21ba529f36404395741596bfa06329eadbb33fc4fb39f059fd05201b23fbb69073472d25ba05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe

Filesize
468KB

MD5
40663fdfd431e8fa78a5b2373b9d2c28

SHA1
0f77b6f8a3f91f13b02f1561e98445f5c88e8bd9

SHA256
db84465a90f48185ff82ac7f123b23440111d3cdf189f73f2a3806c4bdd10894

SHA512
0774e70dcececefb943f0b09454288627c31e36315cb4ec2c6a3ea895f01b075370fc24f6ef6dd5d38cc7ead01b9fdefa0c7449d7e1372ce7df48f17367f5f1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe

Filesize
468KB

MD5
02c6624022f9246bc79545767d95b349

SHA1
a0bde65eec084aeade2d4cc9c6b3d1353af10e53

SHA256
9a8ff355699df23ecca85cc37a8dac7899af5a3f313750772aaffdc0ed2451cc

SHA512
9694bf667ae52763b693839d693225f07d1d0a8c53e8960e20170c129c78cc15721dbab52c8b02b2edbde754ec66dba94067f7e16e83bf76a1dacd29b5f71d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe

Filesize
468KB

MD5
4f6dfc4d99eae97204cf37b58bd42513

SHA1
1adf5df75e56391bd009df386ac4951556cd0329

SHA256
ed564abc72474b83ad9f1ed81988caef97a2339371eef5eefdfa36653ffbddfd

SHA512
b7ebe4138da41fc281b319c76629188f2ffd31bae5ee599530ce7bd50afd8bf73429b3615de941d26f3415ffd937d0a0e923099aa546231a3b8643a836223770

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe

Filesize
468KB

MD5
dc45707332fc55feebdbe93f508c2c49

SHA1
3064fa12ee351a57357f371896695c8e5f4addb6

SHA256
63ca2e898311b16799d281ca2ca6dc8c2ead5c552210b66c566c3e39bf16a871

SHA512
710aaf32a2e0431fcfc651ce90f3759b075d45cd8a45913d54935a3ded79d5c72dc8551641a94e462ba3ab2f24182db08b166cf3b4ce81377e70b0e8405d0e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe

Filesize
468KB

MD5
129b5d05576a65f35dd2ad992a451ba8

SHA1
7acd2ed1217823adf61f2d1a66fb458dda1e5516

SHA256
b64cc08ce0672625e1f35f9a90ccd3e9ece77b117ff01746a992c3be985e87ef

SHA512
440729abfe7cd0e7192c79c0dc0721d52ec53c56413e3249db8102f91f809ae2ba7e3e80194e29f347f940bfb30d3f4da2d20bec417f71e9ab051e415060445b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe

Filesize
468KB

MD5
e4a76da29e2ad267064d6b70a45b57b2

SHA1
70caf35dbc41e88743f9d85f9b4cec4cbb464de3

SHA256
90b0a488ddb1a9c1163b4ffc61f56b175005e344c0dcd705d19c05a973fdbfcf

SHA512
e8a54969c0f809edad78ab4e6fee8ac1e50393fd95f402add9c65860b8e79fd8ac40d49cc7b34e18d16cccf8fd2825c8f9bd3d07641f2a13e5941cd5dab62b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe

Filesize
468KB

MD5
ee7396e1f065370a56055ffe25786d6a

SHA1
acffafb2843861bcdfd9930e3329b058397604bb

SHA256
894903a0337e5a8a7fcb868603db07262c98e70039f40701af55647048afbe85

SHA512
7d060629b9e2fa4586d364a9a842d5fcd6785a01f509b7a91d7117073e8aaf38987092b2c80708994f28bedeca4f8d07eb6860cef7c2a9a7dc844e863be79dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe

Filesize
468KB

MD5
5cc40070e0ed8d1dd72aa22a954c0910

SHA1
743128d1368d99bd81d0092e461ead6d983298bb

SHA256
c231ce62c99a148e2038d5ace4a42fe8d8a2bdcb2890666dae3ab482c5e82cf1

SHA512
672c101ffa7b463eba7b6ec22a5b1c4dbf06173fec60d6211cb5f72b3698d2d06df259f4343c2f70d52a6ff9b9c97e03ffe217a4ac45e60459af653060a4c5bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55090.exe

Filesize
468KB

MD5
cf86948687581b9abddfd1d8bc3506ad

SHA1
ffccb43fb237c3ae5e2f14b1585b11049a9bcd9e

SHA256
96bbae40fefadc98ea52ba16987c261c85cfd31e3951cf0a448f45c320872c26

SHA512
01c8afbb8574b2c2f5e75374da42a78d81259d4da17ffc42c28fb3daaf9b5ba5b8526b2ef8af3872437e0d2047773f0da8e1d4eb297c8e1f69727a855624101c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56139.exe

Filesize
468KB

MD5
036d3ee2882cb4b781022b57c9677e31

SHA1
0ab387edc4fe76c3213ea1468e26974048a52493

SHA256
9529b6b475187d03c21d255b9d6542b4c88827a5594f736eef68253f87b45c3a

SHA512
d779220a0a4dfea2aed368eaee2b7543277044ebc30204254268343f241f2fd41975bf52a4a7213c1e0f28ac2baede50dad1f0f640f91395623c770fe73d7e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe

Filesize
468KB

MD5
d46b5994da7014302047229df517c713

SHA1
639b9ae5596f952203993b68fe29a731916a8185

SHA256
dd91fa3bebe50e5bd1be1d3c0526b07daf4e5386b67a767ddd623e8c7461c01d

SHA512
a7f284d723d1f2d2b3419ae02e5506e66b98eb9c5221d665b1890d491732f6a11f19fc4f31a71ca25da48625a9666705fca7f017b576ae10f274d93107d8f0c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe

Filesize
468KB

MD5
ff160fdad1ab66a25854d144f1ac1c59

SHA1
f467dfb743dfb2fade532575b0b1bb02720dd7a4

SHA256
097c2e7a2fbc30681f0807ed42e6cda59da9564b1671279823c00d04284f0a67

SHA512
1560f281fc75828e48b15f8d62a0749c59c9ca1e704e8bbe8c070a171adf086dd598992cfe8cb1d35883e2252c9d257607893ef8df5a8ead1121af8b60cff920

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe

Filesize
468KB

MD5
bf82c5c6747dd3524a1d2f32447b0eef

SHA1
8ca4539550ae5b04bb71f0f324c3653b769b556d

SHA256
7c7487d235a9e748aa69ca1c179f90b0ae61a5b8c09ba6059335fbf24402e5de

SHA512
62efaa32b3b00fcb6fb816e17f0b92216cd737c3d1529bfca20eca1d30f704f37a30d74721003b39459ce1f8b4e3eeae7fc6d1f64359ce51b9dabf9a0eafef3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62564.exe

Filesize
468KB

MD5
fe8ece814e6e7b7d8e1b3b99d0108c1c

SHA1
1703ef0fa0571dd07a05f1f097a38eb922c79ccf

SHA256
b2719f4f9a8d4d9c800a025ed8d0147c38bbbd078fa5a9c7d154d53c2da3366b

SHA512
292011690bca0127cd1a44bec7fdb1c233e87a37ca31ee769887da90efbd1ad24e0a93075056ff098745333ef64f20996ec779171c9c7a423be3320a62c91411

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe

Filesize
468KB

MD5
03be294b5633ae90c999ee2865a12257

SHA1
7ba5b9e20a67157b2af9a5efea912363006b6bb1

SHA256
64d3c3c188a4b8a55e5f6b56fb868505a4409baaafed8da70c6bd395bec770a1

SHA512
13ad2744a991aef622d36e9dcc3f29f46afd31eef827070131ff68853044583ab6c8f3b1accc575eaac1c97c01c468786dbc8b1d4fc9bf7eb5545b74d879a065

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe

Filesize
468KB

MD5
1c908f275b9213bfc0d51a5a5ceec593

SHA1
c8a3b3f9b4bf5bf86bfbe4c179df808bc9d1a52e

SHA256
f71acc3d21c67e9f02a7b9cc7cc717d94b0f30ff720401fe525b9a9c82174c22

SHA512
1cb502d3bfd1bf4d0b2b9e2ca9eaad324d2db69301d3a37bb23d11de9c78df47a29a32d75590146a3a11850da4f80087b3bee8f090ef839683cf98aa38cf2b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe

Filesize
468KB

MD5
770591e5743f09ac8db7325230fe116f

SHA1
62d6f5b4ebd22bc275bc05530cb5517ff6e588d3

SHA256
4046486321ed29b0841104854ca7b24c6654897ef35f469a02f9e7ac2eed6a9a

SHA512
dd1ce1eb4f7b91564f121b1aa1ab1f0ba5ef32f60d37ca845089c84d7110dc04ab980f4d1c803dfcab0b2b5e4b04e897d408023ea2598542634ac8d1f348a2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe

Filesize
468KB

MD5
3d3698f6a9c4bee6ac68f4eab5acd6b2

SHA1
8351ac0066c462bbe7068d3365a5f7e2dcd186e7

SHA256
ae241ba3510b72e884b6178eca84de9074130de10dff169fea41d838ba108d4d

SHA512
f94ca2db2d142e9dfc3761be3e0fe473d7eba80ebd27666006bcb5b198f9587df3800616ed4946b492a6ec0101e8d12d68ac4183eb3d8b87005dde78dddba57a

Download Submit
memory/344-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/376-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/380-28-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/424-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-2589-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/824-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/920-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1052-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1056-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1112-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1116-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1288-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1328-577-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1452-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1536-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1552-458-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1796-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1836-104-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1852-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1944-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-504-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1972-153-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1980-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2016-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2032-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2084-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2116-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2124-309-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2240-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2320-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2412-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2596-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2600-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2616-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2748-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2884-214-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2988-382-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3124-442-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3300-422-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3304-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3344-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3460-423-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3468-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3576-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3692-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3792-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3808-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3840-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3888-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3888-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-288-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3948-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3988-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4040-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4132-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4140-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4228-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-503-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4476-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4496-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4512-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4520-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4596-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4636-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4700-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4728-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4824-208-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4928-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4956-477-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-502-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5044-450-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5052-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5076-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5124-505-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5144-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5172-507-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-508-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-511-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5268-578-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5284-513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5304-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5324-518-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5336-519-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5640-581-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16148-2620-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads