d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31

Analysis

max time kernel
115s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe
Size

468KB
MD5

59adb4917a6cf8b6496afd5aa8258730
SHA1

23348ce52f681b80858f4b45cce14c6ae9272ad2
SHA256

d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31
SHA512

cdf6d94dd668fb6799e0474d08b22515fcec7e3e23a4eb62c2c6d35134dae3821f551c44b9c61d04b4d9013e80ae20567353d02d04747ecc279b0d9cac263094
SSDEEP

3072:5nuTotIKI05UMbY1H54OrfJ/zCmsP0EwnIHewVgk7PZNcslgK1lS:5nyow8UM6HmOrfGNAy7P7plgK

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3496	Unicorn-53872.exe
1472	Unicorn-23312.exe
4904	Unicorn-41271.exe
1760	Unicorn-14204.exe
2192	Unicorn-13135.exe
2016	Unicorn-58807.exe
5040	Unicorn-44831.exe
4532	Unicorn-50525.exe
1544	Unicorn-55164.exe
1296	Unicorn-21745.exe
2568	Unicorn-17661.exe
4704	Unicorn-41900.exe
3368	Unicorn-11530.exe
1644	Unicorn-22299.exe
4080	Unicorn-17661.exe
5096	Unicorn-26836.exe
216	Unicorn-20291.exe
3144	Unicorn-6223.exe
3308	Unicorn-12345.exe
4760	Unicorn-64469.exe
1216	Unicorn-19030.exe
2216	Unicorn-15736.exe
4328	Unicorn-1437.exe
3440	Unicorn-7567.exe
2620	Unicorn-45128.exe
3612	Unicorn-41309.exe
4492	Unicorn-41309.exe
4736	Unicorn-20374.exe
448	Unicorn-3598.exe
464	Unicorn-58200.exe
2128	Unicorn-40240.exe
388	Unicorn-14235.exe
2268	Unicorn-34101.exe
456	Unicorn-8527.exe
4220	Unicorn-40223.exe
1740	Unicorn-62964.exe
1704	Unicorn-21932.exe
4224	Unicorn-30654.exe
2348	Unicorn-10099.exe
1272	Unicorn-34869.exe
2908	Unicorn-23171.exe
5036	Unicorn-2004.exe
1784	Unicorn-14256.exe
2424	Unicorn-50244.exe
4748	Unicorn-51480.exe
2612	Unicorn-51480.exe
2820	Unicorn-20431.exe
3944	Unicorn-11516.exe
1848	Unicorn-36021.exe
1656	Unicorn-16155.exe
2156	Unicorn-11516.exe
848	Unicorn-5386.exe
1652	Unicorn-48273.exe
4512	Unicorn-16569.exe
4712	Unicorn-31422.exe
4388	Unicorn-43120.exe
4452	Unicorn-54610.exe
2648	Unicorn-63540.exe
1248	Unicorn-23254.exe
3420	Unicorn-52912.exe
3872	Unicorn-6975.exe
2124	Unicorn-1110.exe
3260	Unicorn-45917.exe
2024	Unicorn-4884.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3192	2348	WerFault.exe	130
7876	6236	WerFault.exe	247

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62792.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
17224	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	3732	dwm.exe
Token: SeChangeNotifyPrivilege	3732	dwm.exe
Token: 33	3732	dwm.exe
Token: SeIncBasePriorityPrivilege	3732	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe
3496	Unicorn-53872.exe
1472	Unicorn-23312.exe
4904	Unicorn-41271.exe
1760	Unicorn-14204.exe
2016	Unicorn-58807.exe
2192	Unicorn-13135.exe
5040	Unicorn-44831.exe
4532	Unicorn-50525.exe
1544	Unicorn-55164.exe
4080	Unicorn-17661.exe
2568	Unicorn-17661.exe
1644	Unicorn-22299.exe
3368	Unicorn-11530.exe
1296	Unicorn-21745.exe
4704	Unicorn-41900.exe
5096	Unicorn-26836.exe
216	Unicorn-20291.exe
3144	Unicorn-6223.exe
3308	Unicorn-12345.exe
4760	Unicorn-64469.exe
1216	Unicorn-19030.exe
2216	Unicorn-15736.exe
4328	Unicorn-1437.exe
3612	Unicorn-41309.exe
3440	Unicorn-7567.exe
448	Unicorn-3598.exe
2620	Unicorn-45128.exe
464	Unicorn-58200.exe
4736	Unicorn-20374.exe
4492	Unicorn-41309.exe
2128	Unicorn-40240.exe
2268	Unicorn-34101.exe
456	Unicorn-8527.exe
388	Unicorn-14235.exe
4220	Unicorn-40223.exe
1740	Unicorn-62964.exe
1704	Unicorn-21932.exe
4224	Unicorn-30654.exe
2348	Unicorn-10099.exe
1272	Unicorn-34869.exe
2908	Unicorn-23171.exe
5036	Unicorn-2004.exe
1784	Unicorn-14256.exe
2424	Unicorn-50244.exe
2820	Unicorn-20431.exe
4748	Unicorn-51480.exe
2612	Unicorn-51480.exe
3944	Unicorn-11516.exe
2156	Unicorn-11516.exe
1652	Unicorn-48273.exe
848	Unicorn-5386.exe
1848	Unicorn-36021.exe
1656	Unicorn-16155.exe
4512	Unicorn-16569.exe
4712	Unicorn-31422.exe
1248	Unicorn-23254.exe
4388	Unicorn-43120.exe
3420	Unicorn-52912.exe
2648	Unicorn-63540.exe
4452	Unicorn-54610.exe
3872	Unicorn-6975.exe
2124	Unicorn-1110.exe
3260	Unicorn-45917.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 3496	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	85
PID 4992 wrote to memory of 3496	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	85
PID 4992 wrote to memory of 3496	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	85
PID 3496 wrote to memory of 1472	3496	Unicorn-53872.exe	86
PID 3496 wrote to memory of 1472	3496	Unicorn-53872.exe	86
PID 3496 wrote to memory of 1472	3496	Unicorn-53872.exe	86
PID 4992 wrote to memory of 4904	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	87
PID 4992 wrote to memory of 4904	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	87
PID 4992 wrote to memory of 4904	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	87
PID 1472 wrote to memory of 1760	1472	Unicorn-23312.exe	88
PID 1472 wrote to memory of 1760	1472	Unicorn-23312.exe	88
PID 1472 wrote to memory of 1760	1472	Unicorn-23312.exe	88
PID 4904 wrote to memory of 2192	4904	Unicorn-41271.exe	89
PID 4904 wrote to memory of 2192	4904	Unicorn-41271.exe	89
PID 4904 wrote to memory of 2192	4904	Unicorn-41271.exe	89
PID 3496 wrote to memory of 2016	3496	Unicorn-53872.exe	90
PID 3496 wrote to memory of 2016	3496	Unicorn-53872.exe	90
PID 3496 wrote to memory of 2016	3496	Unicorn-53872.exe	90
PID 4992 wrote to memory of 5040	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	91
PID 4992 wrote to memory of 5040	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	91
PID 4992 wrote to memory of 5040	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	91
PID 1760 wrote to memory of 4532	1760	Unicorn-14204.exe	96
PID 1760 wrote to memory of 4532	1760	Unicorn-14204.exe	96
PID 1760 wrote to memory of 4532	1760	Unicorn-14204.exe	96
PID 1472 wrote to memory of 1544	1472	Unicorn-23312.exe	97
PID 1472 wrote to memory of 1544	1472	Unicorn-23312.exe	97
PID 1472 wrote to memory of 1544	1472	Unicorn-23312.exe	97
PID 2016 wrote to memory of 1296	2016	Unicorn-58807.exe	98
PID 2016 wrote to memory of 1296	2016	Unicorn-58807.exe	98
PID 2016 wrote to memory of 1296	2016	Unicorn-58807.exe	98
PID 5040 wrote to memory of 2568	5040	Unicorn-44831.exe	99
PID 5040 wrote to memory of 2568	5040	Unicorn-44831.exe	99
PID 5040 wrote to memory of 2568	5040	Unicorn-44831.exe	99
PID 4992 wrote to memory of 4704	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	102
PID 4992 wrote to memory of 4704	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	102
PID 4992 wrote to memory of 4704	4992	d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe	102
PID 4904 wrote to memory of 1644	4904	Unicorn-41271.exe	103
PID 4904 wrote to memory of 1644	4904	Unicorn-41271.exe	103
PID 4904 wrote to memory of 1644	4904	Unicorn-41271.exe	103
PID 3496 wrote to memory of 3368	3496	Unicorn-53872.exe	100
PID 3496 wrote to memory of 3368	3496	Unicorn-53872.exe	100
PID 3496 wrote to memory of 3368	3496	Unicorn-53872.exe	100
PID 2192 wrote to memory of 4080	2192	Unicorn-13135.exe	101
PID 2192 wrote to memory of 4080	2192	Unicorn-13135.exe	101
PID 2192 wrote to memory of 4080	2192	Unicorn-13135.exe	101
PID 4532 wrote to memory of 5096	4532	Unicorn-50525.exe	105
PID 4532 wrote to memory of 5096	4532	Unicorn-50525.exe	105
PID 4532 wrote to memory of 5096	4532	Unicorn-50525.exe	105
PID 1760 wrote to memory of 216	1760	Unicorn-14204.exe	106
PID 1760 wrote to memory of 216	1760	Unicorn-14204.exe	106
PID 1760 wrote to memory of 216	1760	Unicorn-14204.exe	106
PID 1544 wrote to memory of 3144	1544	Unicorn-55164.exe	107
PID 1544 wrote to memory of 3144	1544	Unicorn-55164.exe	107
PID 1544 wrote to memory of 3144	1544	Unicorn-55164.exe	107
PID 1472 wrote to memory of 3308	1472	Unicorn-23312.exe	108
PID 1472 wrote to memory of 3308	1472	Unicorn-23312.exe	108
PID 1472 wrote to memory of 3308	1472	Unicorn-23312.exe	108
PID 4080 wrote to memory of 4760	4080	Unicorn-17661.exe	109
PID 4080 wrote to memory of 4760	4080	Unicorn-17661.exe	109
PID 4080 wrote to memory of 4760	4080	Unicorn-17661.exe	109
PID 2192 wrote to memory of 1216	2192	Unicorn-13135.exe	110
PID 2192 wrote to memory of 1216	2192	Unicorn-13135.exe	110
PID 2192 wrote to memory of 1216	2192	Unicorn-13135.exe	110
PID 1644 wrote to memory of 2216	1644	Unicorn-22299.exe	111

C:\Users\Admin\AppData\Local\Temp\d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe
"C:\Users\Admin\AppData\Local\Temp\d1a2fe3c49f360661c03ecf621822162a2c174c6672d245e7dcd2272fa9ace31N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
        9⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        10⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        11⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20224.exe
        11⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        10⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        10⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31969.exe
        9⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        9⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        10⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        11⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        11⤵
        
        PID:19088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        10⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:17708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        9⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        8⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        8⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        7⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        10⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
        10⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        10⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        9⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        9⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        9⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        8⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        8⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        9⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        9⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        8⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        8⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        7⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        9⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46813.exe
        11⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55830.exe
        11⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        10⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        10⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        9⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        10⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        9⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41414.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        9⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44921.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        8⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        8⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        9⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        8⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        8⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        7⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6922.exe
        6⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        9⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        9⤵
        
        PID:18368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
        8⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        7⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
        7⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        8⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        8⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        7⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        6⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20291.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        7⤵
        Executes dropped EXE
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
        9⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        10⤵
        
        PID:18972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        9⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        9⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        9⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        9⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
        9⤵
        
        PID:17344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        8⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        8⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        8⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        8⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50279.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        7⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        6⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        9⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        9⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        9⤵
        
        PID:17764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        7⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        6⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 488
        7⤵
        Program crash
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        6⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        7⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
        8⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        8⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        8⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        7⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        7⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
        7⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        6⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        8⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        7⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        6⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        5⤵
        
        PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        9⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        10⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        10⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        10⤵
        
        PID:17552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        9⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        8⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        8⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        7⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
        7⤵
        
        PID:17952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
        6⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        8⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        9⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        9⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        9⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        8⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        7⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        8⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        7⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        6⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        8⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        7⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21399.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        8⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        7⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        6⤵
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17913.exe
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        8⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        7⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        6⤵
        
        PID:16944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        5⤵
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        5⤵
        
        PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        9⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        10⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        9⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        9⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        8⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        7⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        7⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-938.exe
        7⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        7⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        6⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        8⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
        6⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        7⤵
        
        PID:17744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29387.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9588.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        5⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        5⤵
        
        PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 468
        5⤵
        Program crash
        
        PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
      4⤵
      PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        5⤵
        
        PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
      4⤵
      PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        5⤵
        
        PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
      4⤵
      PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
      4⤵
      PID:17440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46039.exe
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41265.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        8⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        7⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        8⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        7⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        6⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        7⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
        7⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        6⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        6⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        7⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
        7⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
        6⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
        5⤵
        
        PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        9⤵
        
        PID:18992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        8⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        8⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        7⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        7⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        6⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        6⤵
        
        PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        7⤵
        
        PID:17604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        6⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        6⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        5⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        5⤵
        
        PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
        7⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        7⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        6⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
        5⤵
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62262.exe
      4⤵
      PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6266.exe
        5⤵
        
        PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
      4⤵
      PID:1416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        9⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        9⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        9⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34117.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        8⤵
        
        PID:18284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        7⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24606.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        8⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        7⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        7⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        6⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3356.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        8⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        8⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        8⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        7⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        6⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
        7⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        6⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40108.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        8⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        7⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        7⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        6⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        7⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        7⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
        6⤵
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        6⤵
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60586.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        5⤵
        
        PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
      4⤵
      PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        7⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        5⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        6⤵
        
        PID:19008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        5⤵
        
        PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        5⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        5⤵
        
        PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
      4⤵
      PID:14556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
      4⤵
      PID:17476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        7⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        6⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        7⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        7⤵
        
        PID:18964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        6⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        6⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        7⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        7⤵
        
        PID:18576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        6⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        6⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        5⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        5⤵
        
        PID:10228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        6⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
      4⤵
      PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        5⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        5⤵
        
        PID:18392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
      4⤵
      PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
      4⤵
      PID:17728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        6⤵
        
        PID:18920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        5⤵
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12737.exe
      4⤵
      PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
      4⤵
      PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
      4⤵
      PID:6920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
    3⤵
    PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        5⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        6⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        5⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        5⤵
        
        PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
      4⤵
      PID:11608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
      4⤵
      PID:11884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
      4⤵
      PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
      4⤵
      PID:9428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
    3⤵
    PID:9924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
    3⤵
    PID:16796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
    3⤵
    PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        10⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        10⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        10⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        9⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        9⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        8⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        8⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43927.exe
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        8⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        8⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        8⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        7⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
        6⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        8⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10870.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        7⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        7⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
        6⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        6⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        9⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        9⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        9⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        8⤵
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        8⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        8⤵
        
        PID:18928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        7⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        8⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        8⤵
        
        PID:19080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        7⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        6⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        8⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        7⤵
        
        PID:11860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        7⤵
        
        PID:19000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        6⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        6⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        5⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        6⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        6⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        7⤵
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        6⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43717.exe
        6⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        5⤵
        
        PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35920.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        8⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        8⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        7⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        7⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        6⤵
        
        PID:17864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        6⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        7⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        7⤵
        
        PID:17980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        6⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        5⤵
        
        PID:17784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        6⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        5⤵
        
        PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
      4⤵
      PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
      4⤵
      PID:11976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
      4⤵
      PID:9112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        6⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        9⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        9⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        9⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        8⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        8⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        7⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        7⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
        6⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        7⤵
        
        PID:19036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        6⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        8⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
        7⤵
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        7⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        6⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        7⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        6⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
        5⤵
        
        PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        7⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        7⤵
        
        PID:17596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        6⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        5⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        5⤵
        
        PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        5⤵
        
        PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
      4⤵
      PID:11208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
      4⤵
      PID:6536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
        7⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        6⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        5⤵
        
        PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37958.exe
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        6⤵
        
        PID:19028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        5⤵
        
        PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      4⤵
      PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
      4⤵
      PID:12976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
      4⤵
      PID:5148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        6⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53372.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
        5⤵
        
        PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
      4⤵
      PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        5⤵
        
        PID:18292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
      4⤵
      PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
    3⤵
    PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        5⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        5⤵
        
        PID:18956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
      4⤵
      PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
      4⤵
      PID:5792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
    3⤵
    PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
      4⤵
      PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
      4⤵
      PID:18376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14432.exe
    3⤵
    PID:13088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
    3⤵
    PID:5776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        8⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        7⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18253.exe
        6⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        7⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        7⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        6⤵
        
        PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        5⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        6⤵
        
        PID:18936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2226.exe
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        5⤵
        
        PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        8⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        7⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        7⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        5⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        6⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
        5⤵
        
        PID:12628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
      4⤵
      PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
      4⤵
      PID:17872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        7⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
        7⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        5⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        6⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        5⤵
        
        PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        7⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        6⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21864.exe
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
        5⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
      4⤵
      PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6266.exe
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
      4⤵
      PID:12988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1110.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        6⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        5⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        5⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        5⤵
        
        PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
      4⤵
      PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
      4⤵
      PID:17456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
    3⤵
    PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
      4⤵
      PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        5⤵
        
        PID:17480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
      4⤵
      PID:17432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5374.exe
    3⤵
    PID:9776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
    3⤵
    PID:11196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
    3⤵
    PID:17324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        6⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        8⤵
        
        PID:13272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        8⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41414.exe
        7⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64913.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        6⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        5⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        5⤵
        
        PID:18360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
      4⤵
      PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
      4⤵
      PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
      4⤵
      PID:8936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        6⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        6⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        5⤵
        
        PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
      4⤵
      PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
      4⤵
      PID:6808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
    3⤵
    PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
      4⤵
      PID:6816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
    3⤵
    PID:9740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
    3⤵
    PID:14932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
    3⤵
    PID:17536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3598.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3598.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
      4⤵
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        5⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        7⤵
        
        PID:18428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        6⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        6⤵
        
        PID:17828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        5⤵
        
        PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        5⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        5⤵
        
        PID:17844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
      4⤵
      PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
      4⤵
      PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
      4⤵
      PID:17684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
    3⤵
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        5⤵
        
        PID:14996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        5⤵
        
        PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
      4⤵
      PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
      4⤵
      PID:8520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
    3⤵
    PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
      4⤵
      PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
    3⤵
    PID:12260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
    3⤵
    PID:1820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
    3⤵
    PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        6⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        5⤵
        
        PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
      4⤵
      PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
      4⤵
      PID:17504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
    3⤵
    PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        5⤵
        
        PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
      4⤵
      PID:12732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
      4⤵
      PID:19052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
    3⤵
    PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
      4⤵
      PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
    3⤵
    PID:13060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
  2⤵
  PID:1120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
    3⤵
    PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
      4⤵
      PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        5⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55830.exe
        5⤵
        
        PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
      4⤵
      PID:13688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
      4⤵
      PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
    3⤵
    PID:9840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
    3⤵
    PID:14616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
    3⤵
    PID:9248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21904.exe
    3⤵
    PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
      4⤵
      PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20800.exe
      4⤵
      PID:17348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
    3⤵
    PID:12036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
    3⤵
    PID:17104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
    3⤵
    PID:8748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
  2⤵
  PID:10048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
  2⤵
  PID:14592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2348 -ip 2348
1⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6236 -ip 6236
1⤵
PID:6344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:17224

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe

Filesize
468KB

MD5
06da51d56c665bc4766eef67e4ea3df2

SHA1
c49f883457c0bf45f9cae94ee2ddec3d401cc20a

SHA256
e8b30c4555145d09dd6f788820c9fefcababbbc7b11c02a48bec55dcd92fa3b0

SHA512
7a7182075f859e4a3f08e2011ed3aebaae60426e3b1ffa90b6798ba5f402b013549efa271a3f97718c6ce298b44d61dd02f24cfc26936c777fe803c254ae9a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe

Filesize
468KB

MD5
416678ba514aa4cc8c795110c06a36c6

SHA1
df0f5bbd5e97188791cd494a1628441c18d9d3c9

SHA256
f9e70dc9c06683aefb9dcd33019d33e19f85301f76ad2e107fc833ddc9db6ac2

SHA512
a44b09fe640f19addacf0ad43a5f4f46e0f371baa26ad6b934e993f1ba2169b6486403573af534e9518209bacb546882ee1a9523a1b754d312d370c8b2fac01a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13135.exe

Filesize
468KB

MD5
17730f40124249b61251e2e90030d6c8

SHA1
33d88ca1cf45614d41168c3cb05365859121516c

SHA256
e85d28d3c5f1474a0574b2ca4f518d0645080cb538105d9c8923f9f790ee3874

SHA512
c7d75e26c3d7e80640d15f8dccc94122ea8e1f7ffcf7f65e4e9717da987759f0893ba32449cc54556e37336d2923df21f5ac9fb6a51caa3301ce389f5e0c3cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe

Filesize
468KB

MD5
7cd18beebc375f9fa4c063b71f30f89b

SHA1
3928f1d6c6c78aa567eacd800735cba80ee5df0b

SHA256
916313affdc92fd0392fb4cfa7650692221fb9512f398a8c70bac87f5aaf8140

SHA512
2767c0a5f11a42ca9ca92e1623124f3e2d58da9abf433b243ecd5840916e8c7aaeb3c073ef0a2e79a6a49e7e3406fde1922d8586f83b1f905e769a054eb6f9fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe

Filesize
468KB

MD5
3e11a960cc0a4841390e9a3f14dd67c4

SHA1
567a6b3edc3967203cb24f0ee88d5ff2a88c0b85

SHA256
aee6225dd3b30f45808a53e460af66cb391d72c498a4bafde57191950f28bbd4

SHA512
584242d29e6c80756a91b3ff6d735ed4ea524fda4c3a622b5f2e6f9859d6360a8ae5fa6989e94addc9765d95eac02ae809aa9e6b96b513706da5cb5a6971cb6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe

Filesize
468KB

MD5
8643c4eb55f7ab6504dcdea4504f45fa

SHA1
8b4e9d2dde92eb83c4b210d6c87c48e792d11689

SHA256
2d25720f0e7535cfea4b80091688d2b5cf4142dc33468050dd2f660c6cb15f52

SHA512
a8f69d66eb642faf1b0e14b0013b013af3d1e34c585c2986f09b6811913189bc3025aacc7cc774cf8fdf6ba6ba320c1380932b03697c0b5673fd8ed302edcfa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe

Filesize
468KB

MD5
1b74bed1bf63879d975853035af02d4c

SHA1
b4df9710baa8773d2977fe6a1a290d5e7c63636c

SHA256
0488407052d0f1977fbeba6b61143f9fd47adcf7cf5f838fdbb529e849c5e056

SHA512
7d161ea5411e7aa579a1b42dc1905c93512911b9008f12cee268fd033ff9c6014caa0fc6edb4d1dcff32527e59b2810cc98fb339e79ded45483fee0744211ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe

Filesize
468KB

MD5
b9db7fd1fa190e7170e20066c1b4e5a3

SHA1
a5c15d879c95424d0442c21370816fbe08fda47f

SHA256
1957b3a17b6ff06d31ed0df7f0085efb46baadc72168713c7c6a6e030bb522d4

SHA512
d49fbcc3100f6471ca0f69a2fe82a8a60d09e60ae0381cc34b273b59825ad3b21f1106a1aa1cb111cc1c470431edfb5476654f0a31201f37fb43c60a56da2ee2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe

Filesize
468KB

MD5
14169dbacaed357c26eae2d665ce72ec

SHA1
cfc78331ebb12cb76c47351a43cb5730055fdd5b

SHA256
40aa25d54a41504b08f0142d0e248c8a79c7c588fb4b65678c331c21cfb521c3

SHA512
2aa18f150f4d3f839f3e44d562446a6b70cd937a9c8419a540858a91a554bd8b21e6a92a9d358fa4ed7a4915a12874a0dd5be83fab8f21484f105109a86b1b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20291.exe

Filesize
468KB

MD5
a0c05a21e04ff2a4b695b0973c792770

SHA1
d3c6ab2a49d5a941fc9d4c4a18d9a7056ee2e397

SHA256
5e81cf94845dba5145a6a91a750cd7f6ae6f0dab628fbc88334453c5efea3a61

SHA512
f49adfc23d0f327998bd891868c6e683c3ceca2d3d29b22f4a126f90b69db218153aa0ddec34a137ab5aca77a05768ff470c542ddb21d12727cb96c440431ed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe

Filesize
468KB

MD5
73c61918a45764a335f78c5e4909b6e4

SHA1
041d6f1cbd0ac5dceeb34dc834c1c6b1cb325622

SHA256
37de4b4b7c529c50cac813aab3f99d82d5e935672f78cb636657b05a13f46e2e

SHA512
4f8646b29ac9f5f48ab5ec8abf654ddbc1bb6280223c1b9ea678cbefb14f5184fdeaad837b0cb495b2eec256d18932d4fd60acc3081cb32f121edb96f48df604

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe

Filesize
468KB

MD5
e25637f7fdb1c24a5c837ff807d350c3

SHA1
4305d47f1957a471998e15dd9715ecf3d593350a

SHA256
874ce185a930103349c5e019d42589e6a72599d38d7ec542e4c5602f5442d30a

SHA512
f8b8a5129c60ff6248e72deafefae1cc6b1e18d513058cccb6ab9c9b45fddf88b00a753dc9c34291cfe2b582b28f7d2539a986c89b2dd29488478c7acc345e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe

Filesize
468KB

MD5
abb5ff8b2648d71902eb332d2dbf4d12

SHA1
93918526cf9d50bd74bb7dd662130451dd79ea18

SHA256
f075e692a3921b13785ad12c1596ddb8061b853a197d932e00eddc7646865994

SHA512
b3fdf8bf8abc68110a1181ffb632999ce73942da9aa47e24484725ea251f015e297330d4621c9c0288a2e925c482ff582b1d42554f45d8b914fd052a11157c93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe

Filesize
468KB

MD5
04d8ce76918710aea799e416815320d0

SHA1
283eab89c6e57a660e948f8c43570cdc57c5a68b

SHA256
68f3a8bdfb9d81228dc37b107111f7d2c0e0606ef55be8619e614322b921c392

SHA512
6a1bfd437e12c22ea690026e4f80e19877c61b0cdaf9e9372ca1dbf30ff8bc2fd2e87f940e94aec1fcd69e0e57961af39ea622411b56e479fb487810a49b7c75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe

Filesize
468KB

MD5
38d5bdc82d3a5a0bdcded2b7d2508e7d

SHA1
24236fd8bdd43ce7973d69a8c8ee24b745db9951

SHA256
536e5f0110bd28b5c47a1c7c2870f523c9dd70b482860e343acb7a94dde6736d

SHA512
45451a7a0cf3ba65819c86a5db5f4a83d2ae2ba3a5ad25c4daa235bbc454f997d9611be80f6ec29f85a929e04e4e374add41f45cdc7828b8a2b28cb3807a9492

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe

Filesize
468KB

MD5
0c52b937a89ac728c578cb4b8c16d932

SHA1
a26cc5640a10f1401ce60d7db5f329f53954c66e

SHA256
2643730ada0c87a3dd26e4a6d02b742f84232a840524662f6aa774c99d1fb8b5

SHA512
2dd627137ec54960f9a4798621147d8049d4b6d3bec66ab7c0874134cc253551eeecaa5bd46f5da9699d2c372ab299d6b1d4da3c0ad5d8392e857ee7b8b75fc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe

Filesize
468KB

MD5
5ac4ee9428d0aa6afd116a59bee3724d

SHA1
abe87f99ac23e2da1a4f92fef2872d289b153be7

SHA256
c16dca8605bbfaf96bfe259ff1b80ddb2d1f494701f603b5eac51519844ba915

SHA512
364eb89e6c5c17db34c56de9dda4ef17a612af59bd77dc14f1a3401e5a43cfe08fbe3de76dd193f210e310ddcabb9b72046c3c5a57cf721c992c06ada988d52e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3598.exe

Filesize
468KB

MD5
9faf564f15a2a86203ed0c9d0eb0c37c

SHA1
af0c316d6a0f1a8e05702c7b2fdf4f8f7e261fa9

SHA256
b46f1a6029ac503581361bda447418a7c518def302407df81999c2b8d5f2c9a3

SHA512
0e7a72f5e910874ad5de94a5f22bb5ff70aabe620b56c9314833b35e051d3504405ff699414ee009f462aea213fb65bb0340a1e948d373cc693dea7f063b0138

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe

Filesize
468KB

MD5
7136533f5209dd370480335bb4874897

SHA1
d6e712ae8b904971bf3bede9e5ecdf2369238bbe

SHA256
0c0af1dd873b58880cd865d90287774c000be6cdfe3b83c1c361b989fb603028

SHA512
75a7c59d7535bec7044e11bb05b8ad45cd26f8ef6ddfe6ef516beddd609ada244151f1ed8e15a4885ce81c0728299755052a095e45ac63453cbc8a016f9adce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe

Filesize
468KB

MD5
91f3606bf9bdecd8844742a816b854bb

SHA1
e83755fd7563d6597b1003221f0dbc5c8931d0b2

SHA256
cae952dc7c1a7a8e6b45e0dc62f1664044f91214932577a54bc37a181b7b3ae9

SHA512
434493f88371b307a868e87910bceea9cf3e22821b53c2fe6ddefb5be2853f608eae14148979455a2c26d3c2b97456f68086286bbd15c3320348477b5ad7e558

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe

Filesize
468KB

MD5
b486a782bd2766a234d5fc82ab9128a9

SHA1
d0960ba5dff387bf5ad9a8a8f4e5b36e14cbd1d5

SHA256
8629142360de6510f70e73ba3006758089718fbe815dcd09f4382b2411c80c1d

SHA512
06ce5d7771bb3707074668a06f65d7e7d8b53ac8b8fe47c2bc3309458f15599f537b2d8ee02e3dadff108ebd81192c314eeb64a8619bb2addbbf9dd011883c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe

Filesize
468KB

MD5
0c536095709f13d80ade4d6200695331

SHA1
cc3127e8b8b6e565a4fbe11e449ac9d06292e20c

SHA256
95724c1bf4f6793bd27fdb0be06e846d27997378b1cf0ae6145f1ae55a8a1eb2

SHA512
fe9b97094e0e287a15810aa7cd6c97c38a5280ba0b7c89127cb703285b41cd101c34a4f5d1c5d19db48613445b1bbebeb649de42e6142b43e865eb64e37789ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe

Filesize
468KB

MD5
3839d6174c261770d5af785bd7f11de0

SHA1
b7efecefc2e419dfabd6f427046721e22c091113

SHA256
12a4d1daf397a521c1ad6ece882a5539897f89e4b5d99d635139a27072dee1eb

SHA512
95cdcb1bd36e44e87212defe4a736ddccdd52438c2df9dac27b1b44868666862febc829ab42391b4c7e1c3fa4006bc1f4226cdf5164e07b36725b532652ff8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45128.exe

Filesize
468KB

MD5
04127b9f40a6a753a18308ddf2a1871a

SHA1
c183652821a0357137b6d2ebb6da88647b8f55a4

SHA256
93c2d8e9045ce5763976e04522ef85701c78b529644cb525246af969949c06a6

SHA512
f170509806645bcfc4d8a24c5de0b07b0eb61fb3be832e3979fd946bea0fe7a4cf9dfcb275cfe4cdad1c8a2d286072b5eb92cd35810b2a932322f3482024b31b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe

Filesize
468KB

MD5
51b0cf54c492b1e4a36a970671d939a9

SHA1
34c141c412a5f2400fd0884113621cccde459a24

SHA256
82fa94d9aa568df726f58ab8ac83fc6289983aff6b1ccaa6aac1983c1c0615a4

SHA512
ed0a03e53aa0ab1f77151748712e1f786a496b0b5fa9163bd135267221151143e3887d0935b89447252149bbf7842c96dfda1ba666cd453e9848071ff183bedc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe

Filesize
468KB

MD5
ed861a1f17877b69866a0cf469e561c1

SHA1
d5d147791965882b44a16ffbdfd5d424fd67b824

SHA256
3f62e469660923efd646bc9ebadde1cc934564c910d33014c57c0581149543ea

SHA512
e2213e9180a6331fa5595a82a2d51ed0d1cf3623209da0e3b4b56cd101242b87614713d1e515260e4b1d085c009306c9b6f0aafa7326a5a4e06f48088ad2513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe

Filesize
468KB

MD5
ebeca69c28ac564d2984929744cf9618

SHA1
2728e6267c1a1bf5a14b10354fcf3eec6176df5e

SHA256
594cee75e08e7aa59cb881b1a5ba11b97bbb86a4da9c1be7eabb8dd48c31266e

SHA512
d76497a48bd4bf0db7e49c111d4c518327c74c33c098f95c2dc69f6d7bd4f57d24bf1b45b0a9177f8b0518b5f595976f145cf37f025cdbfb9c4b12f808aef575

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe

Filesize
468KB

MD5
27c6a4d81a7fa8eca7be667a998f7ae8

SHA1
207c409ebf4504560d81d4dda35ca5333d733e4f

SHA256
6bb02d1b495ed633a52aa126273a6ddbc4208f79cbfe1957055b732bf4157f4c

SHA512
a8bd7d31fd286f81161774e88bad957a6a0979a9753d638f3c6d2b7cedc0d4272b7ae92e553cfda99a1e0c687e6d9c164cbcfb14844db0cf7076e30011048e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe

Filesize
468KB

MD5
bc49c192fed0ec03597e2b52ef865f15

SHA1
8234a3ad50c48dc6dbd1656543f87cec688e9ea2

SHA256
96ccbe3bd21ea417e79550152af485f248a5e61dec306bf3a4b01d6efcb89c8d

SHA512
679752f8acc442579adc4264cfbcb3066ac5873a9520346cbec23d714705f29132437e6c1462dc89dbcaafd678a088c25bf3d0d872424213925b112f69d47d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe

Filesize
468KB

MD5
7be7ece2cdd9998a7b26afe5ad3e907f

SHA1
ac63fe09c83b38b1638fac1f123184df12b928b9

SHA256
ff88c96e6baff794185539537d4d405b62363246475e6f39fb9a8df256a3af8e

SHA512
c30e966d2e5aab14e5925be30e00192fd3bfeb7c250f6c0551d08557a7d7cd20fd53edd7e50f6bc58d2f5430baeea1203cd901fefd0e3d22cfd25798c7109acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe

Filesize
468KB

MD5
bd75f2ac78d3af0ce0bc6321ed1b4151

SHA1
e7125ed89209ae0ab4f0f8ce64f142dadc094dad

SHA256
597af664f9952a1e184defe9727f8821bcaa01cff847a64d43d133d75f769641

SHA512
157f94483ebfb820f8eacad00c8cf9b3e6ceac3c17b5abc4065d86083c379b54715b4e461de708ca00054cdabfc79aa4739dc8c2d38ef46f2b0bcd3cfc0c50b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe

Filesize
468KB

MD5
5fa8652c554bfb093ced403eff33b99c

SHA1
fa6e3e4b4169b2b277b09a8edc07addebd53e0cb

SHA256
48076b89025940647dc406adcd1ed0ffe9d54b692feaefb95478e878cc598010

SHA512
ccc6d955a9152918e7cce1fac0bcbd9e5e0b66f2c98ad62ba7b19308cdc54a30eddd90752e1e293b509228f4bb5def6ac4cddd79a1bb5b6fb565d07186887067

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads