26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67

Analysis

max time kernel
114s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe
Size

468KB
MD5

92cd4e57929418c347c8233ce53eaeb0
SHA1

7cc1b531fa77850c6e3ee63d430ceb6d2f6b4dcc
SHA256

26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67
SHA512

d4e17a5a537f5c1d12bd47d8f92da9ff7dcccb6d134eb1558f6445515a485faafa67f02977f14e0de1f6cc03239ecbc0bf0a92d0cd6c4bbcaa9f06ba60dfdc12
SSDEEP

3072:CgaQogIfIU57JbYEPCZjbFa/ECLLsIp9QlHeXVYJbjTLOanu5+l7:CgVoec7J7PqjbFl0Nibj31nu5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3260	Unicorn-28192.exe
3708	Unicorn-51902.exe
4120	Unicorn-36120.exe
3012	Unicorn-16106.exe
4564	Unicorn-9975.exe
4548	Unicorn-26988.exe
932	Unicorn-7122.exe
3652	Unicorn-11803.exe
3832	Unicorn-54517.exe
780	Unicorn-42892.exe
1192	Unicorn-26002.exe
3772	Unicorn-27948.exe
4836	Unicorn-25901.exe
3276	Unicorn-56728.exe
3692	Unicorn-51061.exe
3784	Unicorn-2613.exe
3152	Unicorn-13474.exe
5104	Unicorn-5935.exe
4916	Unicorn-14865.exe
3952	Unicorn-37808.exe
4680	Unicorn-45976.exe
4712	Unicorn-45976.exe
3280	Unicorn-26110.exe
4828	Unicorn-64350.exe
1232	Unicorn-50615.exe
2628	Unicorn-60174.exe
3760	Unicorn-4943.exe
2428	Unicorn-4678.exe
4356	Unicorn-50615.exe
1184	Unicorn-60174.exe
1400	Unicorn-64350.exe
4056	Unicorn-34300.exe
4304	Unicorn-11741.exe
4960	Unicorn-64211.exe
3684	Unicorn-12409.exe
2292	Unicorn-18540.exe
4724	Unicorn-36052.exe
716	Unicorn-45737.exe
4156	Unicorn-22624.exe
4204	Unicorn-24954.exe
2608	Unicorn-54289.exe
4008	Unicorn-43428.exe
4484	Unicorn-45929.exe
3160	Unicorn-49458.exe
2960	Unicorn-39706.exe
2700	Unicorn-31560.exe
4520	Unicorn-37782.exe
5080	Unicorn-45950.exe
4180	Unicorn-25073.exe
3936	Unicorn-16407.exe
2536	Unicorn-29422.exe
3604	Unicorn-33506.exe
2872	Unicorn-17170.exe
3640	Unicorn-28030.exe
2612	Unicorn-17170.exe
1376	Unicorn-9001.exe
3840	Unicorn-11502.exe
3504	Unicorn-19116.exe
2380	Unicorn-38144.exe
752	Unicorn-21153.exe
3612	Unicorn-21153.exe
5024	Unicorn-25237.exe
3476	Unicorn-3355.exe
816	Unicorn-32498.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
9936	5224	WerFault.exe	180
14788	6276	WerFault.exe	272
16340	6376	WerFault.exe	276

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9260.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6528	dwm.exe
Token: SeChangeNotifyPrivilege	6528	dwm.exe
Token: 33	6528	dwm.exe
Token: SeIncBasePriorityPrivilege	6528	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe
3260	Unicorn-28192.exe
4120	Unicorn-36120.exe
3708	Unicorn-51902.exe
4564	Unicorn-9975.exe
3012	Unicorn-16106.exe
932	Unicorn-7122.exe
4548	Unicorn-26988.exe
3652	Unicorn-11803.exe
3832	Unicorn-54517.exe
780	Unicorn-42892.exe
1192	Unicorn-26002.exe
3692	Unicorn-51061.exe
3276	Unicorn-56728.exe
3772	Unicorn-27948.exe
4836	Unicorn-25901.exe
3152	Unicorn-13474.exe
3784	Unicorn-2613.exe
5104	Unicorn-5935.exe
4916	Unicorn-14865.exe
3952	Unicorn-37808.exe
4712	Unicorn-45976.exe
4680	Unicorn-45976.exe
4828	Unicorn-64350.exe
1232	Unicorn-50615.exe
3760	Unicorn-4943.exe
1400	Unicorn-64350.exe
3280	Unicorn-26110.exe
2628	Unicorn-60174.exe
4356	Unicorn-50615.exe
2428	Unicorn-4678.exe
1184	Unicorn-60174.exe
4056	Unicorn-34300.exe
4304	Unicorn-11741.exe
716	Unicorn-45737.exe
4960	Unicorn-64211.exe
4156	Unicorn-22624.exe
3684	Unicorn-12409.exe
4724	Unicorn-36052.exe
2292	Unicorn-18540.exe
4204	Unicorn-24954.exe
2608	Unicorn-54289.exe
4008	Unicorn-43428.exe
4484	Unicorn-45929.exe
3160	Unicorn-49458.exe
2960	Unicorn-39706.exe
2700	Unicorn-31560.exe
5080	Unicorn-45950.exe
4180	Unicorn-25073.exe
4520	Unicorn-37782.exe
2536	Unicorn-29422.exe
3936	Unicorn-16407.exe
3604	Unicorn-33506.exe
2380	Unicorn-38144.exe
2612	Unicorn-17170.exe
3640	Unicorn-28030.exe
3840	Unicorn-11502.exe
3612	Unicorn-21153.exe
1376	Unicorn-9001.exe
3504	Unicorn-19116.exe
2872	Unicorn-17170.exe
752	Unicorn-21153.exe
5024	Unicorn-25237.exe
3476	Unicorn-3355.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 3260	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	83
PID 4332 wrote to memory of 3260	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	83
PID 4332 wrote to memory of 3260	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	83
PID 3260 wrote to memory of 3708	3260	Unicorn-28192.exe	86
PID 3260 wrote to memory of 3708	3260	Unicorn-28192.exe	86
PID 3260 wrote to memory of 3708	3260	Unicorn-28192.exe	86
PID 4332 wrote to memory of 4120	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	87
PID 4332 wrote to memory of 4120	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	87
PID 4332 wrote to memory of 4120	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	87
PID 4120 wrote to memory of 3012	4120	Unicorn-36120.exe	90
PID 4120 wrote to memory of 3012	4120	Unicorn-36120.exe	90
PID 4120 wrote to memory of 3012	4120	Unicorn-36120.exe	90
PID 4332 wrote to memory of 4564	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	91
PID 4332 wrote to memory of 4564	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	91
PID 4332 wrote to memory of 4564	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	91
PID 3708 wrote to memory of 4548	3708	Unicorn-51902.exe	93
PID 3708 wrote to memory of 4548	3708	Unicorn-51902.exe	93
PID 3708 wrote to memory of 4548	3708	Unicorn-51902.exe	93
PID 3260 wrote to memory of 932	3260	Unicorn-28192.exe	92
PID 3260 wrote to memory of 932	3260	Unicorn-28192.exe	92
PID 3260 wrote to memory of 932	3260	Unicorn-28192.exe	92
PID 4564 wrote to memory of 3652	4564	Unicorn-9975.exe	95
PID 4564 wrote to memory of 3652	4564	Unicorn-9975.exe	95
PID 4564 wrote to memory of 3652	4564	Unicorn-9975.exe	95
PID 4332 wrote to memory of 3832	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	96
PID 4332 wrote to memory of 3832	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	96
PID 4332 wrote to memory of 3832	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	96
PID 3708 wrote to memory of 780	3708	Unicorn-51902.exe	101
PID 3708 wrote to memory of 780	3708	Unicorn-51902.exe	101
PID 3708 wrote to memory of 780	3708	Unicorn-51902.exe	101
PID 4548 wrote to memory of 1192	4548	Unicorn-26988.exe	99
PID 4548 wrote to memory of 1192	4548	Unicorn-26988.exe	99
PID 4548 wrote to memory of 1192	4548	Unicorn-26988.exe	99
PID 932 wrote to memory of 3772	932	Unicorn-7122.exe	102
PID 932 wrote to memory of 3772	932	Unicorn-7122.exe	102
PID 932 wrote to memory of 3772	932	Unicorn-7122.exe	102
PID 3012 wrote to memory of 3276	3012	Unicorn-16106.exe	100
PID 3012 wrote to memory of 3276	3012	Unicorn-16106.exe	100
PID 3012 wrote to memory of 3276	3012	Unicorn-16106.exe	100
PID 3260 wrote to memory of 4836	3260	Unicorn-28192.exe	103
PID 3260 wrote to memory of 4836	3260	Unicorn-28192.exe	103
PID 3260 wrote to memory of 4836	3260	Unicorn-28192.exe	103
PID 4120 wrote to memory of 3692	4120	Unicorn-36120.exe	104
PID 4120 wrote to memory of 3692	4120	Unicorn-36120.exe	104
PID 4120 wrote to memory of 3692	4120	Unicorn-36120.exe	104
PID 3652 wrote to memory of 3784	3652	Unicorn-11803.exe	105
PID 3652 wrote to memory of 3784	3652	Unicorn-11803.exe	105
PID 3652 wrote to memory of 3784	3652	Unicorn-11803.exe	105
PID 4564 wrote to memory of 3152	4564	Unicorn-9975.exe	106
PID 4564 wrote to memory of 3152	4564	Unicorn-9975.exe	106
PID 4564 wrote to memory of 3152	4564	Unicorn-9975.exe	106
PID 4332 wrote to memory of 5104	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	107
PID 4332 wrote to memory of 5104	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	107
PID 4332 wrote to memory of 5104	4332	26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe	107
PID 3832 wrote to memory of 4916	3832	Unicorn-54517.exe	108
PID 3832 wrote to memory of 4916	3832	Unicorn-54517.exe	108
PID 3832 wrote to memory of 4916	3832	Unicorn-54517.exe	108
PID 3276 wrote to memory of 3952	3276	Unicorn-56728.exe	109
PID 3276 wrote to memory of 3952	3276	Unicorn-56728.exe	109
PID 3276 wrote to memory of 3952	3276	Unicorn-56728.exe	109
PID 780 wrote to memory of 4680	780	Unicorn-42892.exe	111
PID 780 wrote to memory of 4680	780	Unicorn-42892.exe	111
PID 780 wrote to memory of 4680	780	Unicorn-42892.exe	111
PID 3692 wrote to memory of 4712	3692	Unicorn-51061.exe	112

C:\Users\Admin\AppData\Local\Temp\26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe
"C:\Users\Admin\AppData\Local\Temp\26a629acc2b872da4edb206fa991d65ff107ccf3de6ab7a25e8e0f5267bebd67N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26988.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4637.exe
        9⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        10⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        10⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        10⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        9⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        9⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        9⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        9⤵
        
        PID:18276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
        8⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        9⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        9⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        9⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        8⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        8⤵
        
        PID:18368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        8⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
        9⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        9⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        8⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        8⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        8⤵
        
        PID:18284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        7⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        7⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
        7⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        7⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        8⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
        9⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
        9⤵
        
        PID:18704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
        8⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20874.exe
        8⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        8⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        8⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
        8⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        8⤵
        
        PID:18752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27897.exe
        7⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        6⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        9⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        9⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        9⤵
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        8⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        8⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57398.exe
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        8⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        8⤵
        
        PID:18612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        7⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        7⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        8⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        8⤵
        
        PID:18444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        7⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        7⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        6⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        7⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60606.exe
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        6⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        8⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        8⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        6⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5531.exe
        6⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
        9⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        9⤵
        
        PID:18520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28658.exe
        8⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        8⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31439.exe
        8⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        7⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        8⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31439.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        7⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        7⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        8⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        8⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
        7⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        7⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
        7⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        6⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        6⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        5⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        5⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        5⤵
        
        PID:19348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        8⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 632
        8⤵
        Program crash
        
        PID:14788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 632
        7⤵
        Program crash
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        7⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        8⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        7⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
        6⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11151.exe
        6⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        6⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        6⤵
        
        PID:18192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        5⤵
        
        PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
        7⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        7⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        6⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28974.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        5⤵
        
        PID:488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
        6⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        6⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
        5⤵
        
        PID:732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
      4⤵
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
      4⤵
      PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
      4⤵
      PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        8⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        9⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        9⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        9⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        8⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        8⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        8⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        7⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        7⤵
        
        PID:18304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        7⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        6⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        8⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        8⤵
        
        PID:17952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        7⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        7⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        6⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        5⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        6⤵
        
        PID:18744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        5⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        5⤵
        
        PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44419.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3777.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        6⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
        5⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        6⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        5⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        5⤵
        
        PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        6⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        5⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
        5⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
        5⤵
        
        PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        5⤵
        
        PID:15904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        5⤵
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
      4⤵
      PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17684.exe
        8⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
        8⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        8⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        7⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
        6⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        7⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        6⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53433.exe
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9267.exe
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
        5⤵
        
        PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        7⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23857.exe
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        6⤵
        
        PID:18604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        6⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        5⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        5⤵
        
        PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49052.exe
        5⤵
        
        PID:18392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        5⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        5⤵
        
        PID:18684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
      4⤵
      PID:10736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
      4⤵
      PID:17504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        7⤵
        
        PID:18596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        6⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        6⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51664.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        5⤵
        
        PID:13848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
        5⤵
        
        PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        5⤵
        
        PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
      4⤵
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
      4⤵
      PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
      4⤵
      PID:632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        5⤵
        
        PID:16532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        5⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        5⤵
        
        PID:18508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
      4⤵
      PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
      4⤵
      PID:7524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
    3⤵
    PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        5⤵
        
        PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
      4⤵
      PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
      4⤵
      PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
      4⤵
      PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
      4⤵
      PID:5976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
    3⤵
    PID:9508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
    3⤵
    PID:12300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
    3⤵
    PID:16912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        9⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2245.exe
        10⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        10⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        9⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        9⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        9⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32768.exe
        8⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19966.exe
        8⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
        8⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        8⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        7⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        7⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        6⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8197.exe
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        7⤵
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54122.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        7⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36703.exe
        6⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
        6⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        6⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        8⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        8⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        7⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        7⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        7⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        6⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34173.exe
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        7⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        6⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        6⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        6⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        6⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        5⤵
        
        PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        8⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7669.exe
        7⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        6⤵
        
        PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        6⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        7⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        7⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54672.exe
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        5⤵
        
        PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64829.exe
        7⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        7⤵
        
        PID:18356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13127.exe
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        6⤵
        
        PID:18716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        5⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        5⤵
        
        PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
      4⤵
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        5⤵
        
        PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
      4⤵
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        5⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        5⤵
        
        PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
      4⤵
      PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
      4⤵
      PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
      4⤵
      PID:18624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        6⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
        7⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        7⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        7⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        5⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        6⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        8⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        8⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        8⤵
        
        PID:18408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
        7⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        7⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        7⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        7⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        6⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        6⤵
        
        PID:18456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        5⤵
        
        PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33662.exe
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        7⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        6⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57683.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        5⤵
        
        PID:16580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
      4⤵
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        6⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        5⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        5⤵
        
        PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42406.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        5⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        5⤵
        
        PID:18572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12121.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
      4⤵
      PID:13124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
        7⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 600
        7⤵
        Program crash
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        6⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19158.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        7⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        6⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        6⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        6⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        5⤵
        
        PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        6⤵
        
        PID:18640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        5⤵
        
        PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        5⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
        5⤵
        
        PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
      4⤵
      PID:7144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
      4⤵
      PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31439.exe
        5⤵
        
        PID:18696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
      4⤵
      PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      4⤵
      PID:12848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
      4⤵
      PID:9644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
    3⤵
    PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
      4⤵
      PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
      4⤵
      PID:6852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26850.exe
    3⤵
    PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
      4⤵
      PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
      4⤵
      PID:18580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
    3⤵
    PID:11764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48932.exe
    3⤵
    PID:4136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23174.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5187.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        8⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        7⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        7⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        7⤵
        
        PID:18588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        7⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23535.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        6⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
        6⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
        5⤵
        Executes dropped EXE
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        8⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
        8⤵
        
        PID:18184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        7⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        7⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        7⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        7⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        6⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
        6⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        5⤵
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        5⤵
        
        PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        7⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42242.exe
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        6⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        5⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
      4⤵
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
        5⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        5⤵
        
        PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        5⤵
        
        PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
      4⤵
      PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
      4⤵
      PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
        5⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        7⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        7⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        6⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
        5⤵
        
        PID:17364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        6⤵
        
        PID:15616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        6⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
        5⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        5⤵
        
        PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
        5⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34243.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59366.exe
        5⤵
        
        PID:18652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
      4⤵
      PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50580.exe
      4⤵
      PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
      4⤵
      PID:15532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39159.exe
      4⤵
      PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12409.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
        6⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        6⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        5⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        5⤵
        
        PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
      4⤵
      PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
      4⤵
      PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
      4⤵
      PID:4012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
    3⤵
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        5⤵
        
        PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
      4⤵
      PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
      4⤵
      PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
      4⤵
      PID:7244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
    3⤵
    PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
      4⤵
      PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
      4⤵
      PID:8148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
    3⤵
    PID:8844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
    3⤵
    PID:13256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
    3⤵
    PID:16544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
        5⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49282.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        7⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
        7⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
        6⤵
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        6⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        5⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        5⤵
        
        PID:18764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
        6⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
      4⤵
      PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42208.exe
        5⤵
        
        PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
      4⤵
      PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
      4⤵
      PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
      4⤵
      PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
      4⤵
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
        7⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        6⤵
        
        PID:18436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
        5⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47087.exe
        5⤵
        
        PID:17484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
      4⤵
      PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
      4⤵
      PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
    3⤵
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        5⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        5⤵
        
        PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
      4⤵
      PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
    3⤵
    PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
      4⤵
      PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
      4⤵
      PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
    3⤵
    PID:8856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
    3⤵
    PID:12352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
    3⤵
    PID:16840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        6⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        7⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32094.exe
        7⤵
        
        PID:18480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        6⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        5⤵
        
        PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
        5⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        5⤵
        
        PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
      4⤵
      PID:16848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
    3⤵
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        5⤵
        
        PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
      4⤵
      PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
      4⤵
      PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
      4⤵
      PID:380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
    3⤵
    PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
      4⤵
      PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
      4⤵
      PID:18676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
    3⤵
    PID:9944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
    3⤵
    PID:13748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
    3⤵
    PID:3496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
    3⤵
    PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        5⤵
        
        PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        5⤵
        
        PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
      4⤵
      PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
      4⤵
      PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
    3⤵
    PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
      4⤵
      PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
      4⤵
      PID:14740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
      4⤵
      PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
    3⤵
    PID:8576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
    3⤵
    PID:12792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
    3⤵
    PID:16948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
  2⤵
  PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
      4⤵
      PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
      4⤵
      PID:5608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
    3⤵
    PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
      4⤵
      PID:8968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
    3⤵
    PID:13388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49040.exe
    3⤵
    PID:3212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
  2⤵
  PID:6988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
    3⤵
    PID:15232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
    3⤵
    PID:6840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
  2⤵
  PID:8952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
  2⤵
  PID:13292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5224 -ip 5224
1⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6276 -ip 6276
1⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6376 -ip 6376
1⤵
PID:15060

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe

Filesize
468KB

MD5
5b3196da703b1b7c3334477eef520333

SHA1
a991e42fd14b2f8c1ff1ae6ab791e44060cc5429

SHA256
5c3aa88ffb22187acf271544d180ddc10b27f28d0c1765d8483c617dcfdab676

SHA512
38f5c4fbb953efafe542f0f5501d2131e8527bb7157704b73dbb1bb73b2cba3ca9448f5f944dd863e278ab79858de5a5da53cc9dafc8431db4dc0981d1daf061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe

Filesize
468KB

MD5
8996df6fd1a8e1f5462d1b8d7ecad2de

SHA1
fcdbea1d1ead2cea31ce16ae7af0a8f6b5e4a7d3

SHA256
58857d476310d30a847047c6b10cde83e30ad225f7630adff9a3e795f5a7f257

SHA512
6e795d9a26c8a2b73e039a90fe167842923e3d7ddbbb49953b5f783d688c6990a47f82eb078157a1631360589f209283101e30c0934b188c74cf033bedfa5055

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe

Filesize
468KB

MD5
4b03818b5eb54525c2d664418809e00b

SHA1
6af5e38c461e8333ea9e6c2b0a093c60d62660c2

SHA256
e47c87e9f446d7f8ee34672eb39380da07c694c12061605f420334693210b5e5

SHA512
ae300000d218d95cac4806f41a4d70d70f0f189b41650ae05c8b4d9cbded1c85bb857c6b2ab9de3d378dc768fbe8a34e66d6d3c6ff35fc15beffe0050b37f1ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe

Filesize
468KB

MD5
1f01cad839657c8ff13d9342ca8530bd

SHA1
9e4e7e569f7497d49c6d9a4297e29fceffc91e1c

SHA256
f01465d23c9416fcfb943eb0ec834f4ea407fa5971ea912559faf9037f4e0e4e

SHA512
be400596758401eec313e97dddfddda52f69a5565d89c694144de52d40a1693f7991ff790b533fd37c2207027b8dcf925df76836dcd9367da0ee3347d0bbb799

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe

Filesize
468KB

MD5
a0880f3081d08b0b240e02be67a161cf

SHA1
ee7ac55b0ab98cdd6f8a589c6e5c2ed51c8332e4

SHA256
c20c8da7e4f22111363faab5d6639eee5ca6329f1d4f08322f4dc4227db1bb4b

SHA512
8ddb75fbe1e16d83df94314a1e1f7a2d28753373effab1bb637ac44543682c15ed7d5bd1a8d60b327d09fa2c64b1e285df05ab9f0a98336e0022a5782febf64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe

Filesize
468KB

MD5
9b39e54293978fa273d2e81b4ba84ca1

SHA1
2b2e3ccb78b724492cc04a9dfbeabe6b504989e9

SHA256
c6c36da3ca3c445fb41f98f3c5e91b528fdd59c146d8606adf438ef5f36842f3

SHA512
a8a6d6bbcd5cde57b2782870d13fe84b6e47959b734a694d6ef61655a39e4c388def9d902d5de37561f647f43f1ca9941a19d34eb693f39fcc0443c68e01d3c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe

Filesize
468KB

MD5
bc1dd6da3e31957c11631b006e2122e0

SHA1
ead01c4c0d350e56e62c7d3320fd145754633c64

SHA256
bec22b69bb7864f962b5df829a41a20ead96506d2f7a5c7f061c29fdab969af9

SHA512
3b125a3f1106612ca002a1fb5e2b4696185fdcdf33e55bb991499434b1abe781e73841ad341ddf097380d19efda79a65f32bd6d4f2673d3a474a6e9a712ff9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe

Filesize
468KB

MD5
1b1e03ffec27f1d22eb30ef9f5cace7b

SHA1
efff54c768b4cc3b9c5bc6dc534522eab133f725

SHA256
23e7aeeb5504ad415818e9f06e98c05a2257006ce1751711ad03c4903bca114d

SHA512
490aa63d5be41931d5806ddde5649140a3cc111b06356e867d274ca92d9d77c52a037e7d0293f7e7b9de5954aa5f46b69e4f94338f20cf11df1a382702028971

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe

Filesize
468KB

MD5
8df3fed9d4b0ac964fc8cf5980df929b

SHA1
29d9eb0fd05706bec6a38725390c18cd75b2d3a0

SHA256
e6ac1e3ae5032dae1bbbd42da4c9b687d2b3800e60fe39a206a941e104c9339b

SHA512
16a75ce262c31bb2e05938f7dc615f840c50badf8041bb0fc39209fefa2cecc1ebad6178c8dc75f3a9c37bdb8f750e5a81b6c5da4c16779ac20c220cae64172a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe

Filesize
468KB

MD5
a65f14a95af6000000cca09c9f5840c1

SHA1
4e522e683ce5203f274c201df8edafe853d084bf

SHA256
4543ce1cd7531570a6f5666ee3294d8cca55ff87af9fa32acec847084e955776

SHA512
9fd7eba24a0915a6ca479e687cc878d46d46ccb0e1e48dff8cb4c02eb79848877e5d334edade94c0a26e5bc1a1699e5a3a800b8dacb7e1c935a1f9a8f03485d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26988.exe

Filesize
468KB

MD5
e64a6d38c87eebe069ca82d2d84a3fe2

SHA1
7482802797a306a405f6b35461e1effa05509856

SHA256
9a74190f3545c8b5d66a481fe9e002da92cd1e0526002b0531f55cb1159b28d2

SHA512
420328ea2d70801b183b4a352a858016c968a210340d85696a81523bfa2295e23777b517dec869d6517809e15a0d256a4e511599dec1e86dc09d5ec8f3906584

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe

Filesize
468KB

MD5
006b5a7ac40c5ebc22861d9affc32fa1

SHA1
a858eaa4c128970aea3b411b69b7a6e5a9e13207

SHA256
55eebf3773df2a28a3eb4ec21d820393b7dfbcde609d3c2bc8c2f73727ee2569

SHA512
9b5860f5d1721acb19fcfc32e326cedd28ce03d585aa3474a7832840bc55dfd3aa9e2c5b134ce5972025e8ac025e86ff0de9eba91d6035e8346470910ea0dc23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe

Filesize
468KB

MD5
459df172caca21712e0d5b9eb28ef22e

SHA1
9cda5799ddffec106c2e1b34130aba0771821f4c

SHA256
29b47878f975438ec92cfd5e23978879c7aa29850c69fd51965b8ff1210536b4

SHA512
5facdddc9f5c5dfc8a7d8056cf767bedfb4ffdf8e050fa9231020489e0cfc2ceaf6e878347d0014c4920db778281e80902cc821e7ebebab5262dd29d95118334

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe

Filesize
468KB

MD5
8a29da7f9e1921ae00745250e65e4d41

SHA1
096e8278a56cccc154df90726cccfa2744d51442

SHA256
c99afb037f115cf8cd0e8606f98d417deea59ac8cdda0416341644249b14680b

SHA512
e9a71e3b3311141146b74df2e03eea1adb4f1bdd51f90e240706c030fbe40e774236eb004efc5644cb9c64b0f19c67f76526c4c9f6f53b445a4a01eef546cc71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe

Filesize
468KB

MD5
3cc54acdd3e87fee8883442e94d49b3f

SHA1
2e33ea7c07314302d4cafde649a2640eb87a2517

SHA256
ec558ad1b155cbedf56694266456d7cbbe8cc3fa8ea87fd4283ee44182caf039

SHA512
9c0b7e8de7650342eed74e82e777d85d4750007888a00d3718ad3d2f6ff1e4c8ff4dc93ea4b9836be92c2aaf6ac8c4ae6fd96f7815effc9a0ab4e8040f6bb0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe

Filesize
468KB

MD5
d097a604067e30f211be68f18fb7c195

SHA1
6d26ed8402afbb3508f835c9dd4a94b9397197d3

SHA256
d2208e1425c37284885026629171f129448003ea0b758a2611c1b96b36814c87

SHA512
c3e709be409d1c1ec9fb62e6b45e3af25f3e9b223be79bd2201b52eb3b7d29e7c4f7708faeb75edd0d6cc9190027667a88aa8efd429a48b2650208a87387c10b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe

Filesize
468KB

MD5
d81b3fb9f19f9bb3d1347be8d1b4dede

SHA1
93bc47009c4a910baab937b02591c708a1ba4637

SHA256
e81fde5dd0923be4b743aea5bc8814d060c05fc9d8c9d2f31fb268d732d3b201

SHA512
2e4ce45e3b2b24676bca0c6b24de40e35d254f1c26a6a08fa49eb09dd6ab9951992eb10e45491ccafc7c4c751062bd4095594c1520c0a5382eebd857c4c91fab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe

Filesize
468KB

MD5
f00c3e37800d78435fa2901421f8dcea

SHA1
b038702c3709f76d5ca5e74e2fc81fa20eb769ed

SHA256
d53a21d0d1350cd24b73d7714f2c16aa4e0be4fd7480f08898db0a3e06dde40d

SHA512
8953cf97ce165d93d2ebc90751f6a1155742298014c53e9a839fbdf0ae28e5424d79eed09701cee28e0f3ec2b1332b7c503586c651742fa1166b88686d64b707

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe

Filesize
468KB

MD5
1322f642aed5b044910c2e6e27cc07b0

SHA1
32b4d2942effd7ad12bfef5c4f7454c8e83a46d2

SHA256
0d48ed705a5754386bdadf694d8e54bf5e89f73e951d81e1981bcc791e83d40b

SHA512
31fbcff637b52bbb7b12b71b6a7dbf718912a98b893ad5bc8c7788cb8e64edadd24c14abe91b719d4dad824a3dcc3ba6b63cf361186715a43dddbde778089880

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe

Filesize
468KB

MD5
d3592afc364247faf864e978593917ab

SHA1
4879b561ad03e6ec3415c2a8227b2c7bbaeb5482

SHA256
ef1e2beeeeaf76a2e0a73f65910981a75df0f8df90660927b5db6248861959a5

SHA512
230ab5d70fcfa95fbd312d5f1880c3512a2cd25bacf0a3d773bce78797a92181d155ec5ceaa572b3861e34c846f76a004f4612cd0a40eea6ccca193ac4a02f5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe

Filesize
468KB

MD5
fe396007442af299bded6078296023b2

SHA1
9abbb3dc30a9732152796d3d22e9497ad3e5e2f8

SHA256
d83979ebc3ffc25bcf41d57d7d69fb8d63959f5d1e040807f45f6fdd97c5235b

SHA512
27c30664bb18caefa354259a80f7e30ee5c83a3f612280ab4771a6d1a86411b3f6044844e235ea3cd2c45fc8c24ec513ed223dd18ecdcb310a902b2ad2fe420f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51061.exe

Filesize
468KB

MD5
2b53bab0d7f943be049fd6daad832418

SHA1
9816e8fae3ec3ff10e37c9a80a588f405390c129

SHA256
1c943b4486919160ba51c66cd50e1e2fbcc87b1e7072e546be0b35f3df058d4b

SHA512
f0244161ed203bb073629a5c67a945472ca57345b1b2e2425d84c637d5b72ab91ddf673b58a269887f8229c5f7e4ab5db436d2d85b2ff70d4c89294b0ae75252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe

Filesize
468KB

MD5
48af79da8ea2c8af6898843942c40876

SHA1
2f3f3cf3a241eb2a3e905089a8ab1a1a540b1ac5

SHA256
7db0a7796bee77522b30f0dbfe0ee674c5662e01c90e072a060962145be68356

SHA512
c6a56a2654dae899930839304e872d3e7553c7206deb524e06162a1530ccffdd1ee6415db8ea508b0629a8392d49590731458c99a5174ec03d8538e3714301f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe

Filesize
468KB

MD5
60e5075cebcbf49dbc1d00fd9e85147c

SHA1
ff39c0ea6b319379c4cb308c9351e168ce2d0f2c

SHA256
8421dd0d6061a2bc6d167bd2fc0ecb9ad17fce7aef53538ecbcbaecfa26f0d48

SHA512
6cff4104b1379924b6bde1d6fea83f5ca691bc46fd462af9d9094c83bed4307e0067448debb0d7c558231f4d1a0c13acef78e12549c8efd96f9ea64795ae4c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe

Filesize
468KB

MD5
368fea5cd6b6f1f55a7e598825c61106

SHA1
72304684ad1942d41213a9092bb5124fca6b4ac8

SHA256
403288b13303ddce92a66587fa182d02c7aa1670196ebed0eafa64eec21a4d53

SHA512
f6ffdc27b4ecb27cf714b2c98e8a4330044af79d93953d98452da01787cc5eb1d93ad874cbf223a6c02b5ef117efbc39059b67a29b2b0e187e119be8997beb36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe

Filesize
468KB

MD5
3fb965618d0d2efca1b23b2ff0b6523a

SHA1
a5994d0962bd5637872bb002ddc0a70466b7ed68

SHA256
32696d3d9b684d1aa47e85400d79ea47a3d4724b0f89998d9c67323fc9700520

SHA512
7b5750cc820662471efa6a90513a100e30a3a6bb710b6b3fe1a052cb937808368a1f70348add2b03f20faf2e28201d3bfc8804f80ef10877bfd4642af1c87668

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe

Filesize
468KB

MD5
138f2518f199479c635e7b3d09d54469

SHA1
1894ef4fd8e6f2c862bdffe9f08fe066653ff99e

SHA256
27d92190122abfe8b8fd3a0190aad9ed4b6e7cf00dd8880f7666cce0175f955d

SHA512
d4ec6901104d3b5721f467e0c2ca066d9fec6bb3720f7e9c4be12226403480b4e1d24e1b66b104f28f3528682e9420425b7e9aacc9edcb5df7a4e80bbcae8b60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe

Filesize
468KB

MD5
c6fbcafb958b4cd51fe7c7846507ec25

SHA1
86613cc4e56638b7be8fc767ef8a1cb979655b01

SHA256
1d722bc653d808b14ce0d9e1ea56c53c084f6e2d5049174a36927b029bd103a2

SHA512
fd6102d094569bc7ce7736d51886ac8d0b09292636025744827a4168aaa0ba35f0bdbd53118e84708d46196761f2ec715bf9d9664a3b85f0f665a9a56fcacc52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe

Filesize
468KB

MD5
1bfcbb4783c880dca548f1269d0fbdf3

SHA1
1f7f829565260d0d1f50b147b830498429ff585c

SHA256
9da6e7fdd87da180a70f5b0192474d17d172d61098442c5528db9a0e72c5ebf6

SHA512
5ba46de312b85b6ea7c2fa3099732534865f550b12a6ade620abcf9766a1da2c480a20880e5aa552682579b52003d828c5f93840d88caf4b6ddf9bd55334af11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe

Filesize
468KB

MD5
7ab290644878b0033e49e1193e68f26c

SHA1
4a40146f7248b61af0a9dd586ba0d2772f9a13aa

SHA256
5168d9fe9616e9ceb3d4aaaff2ea541f381693effc8b5a159327c6115613dae0

SHA512
45fc5e7a6af463b34d3cad04b378800ebce9b3368b583d54b6267c80d2aa963c8f29d2d8353faa0b283f4372f7fb116f0769119b9ee964dbf2b6c431a12740ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe

Filesize
468KB

MD5
e3caaf54b71783c1442afd926aeff7c0

SHA1
dab9a1c6116879c0aae1228b21ded10b8e4dff18

SHA256
e34069fcea58d42cbd7e9356f2e60f7dedaf60ca39d8d5c3b0556cb67f93a2e8

SHA512
431a84ed7ae980f6033bbe825ab7e00bc6c9365ea0a5178e82fef1e83bd7e12a68a1d9c20d95b0a1e092cdd1031b7a7d00949bbfde5655bd22781107c1216a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe

Filesize
468KB

MD5
619e5e4e66abcdc225f05d617ac8556c

SHA1
e1f49eede6b13c5c1614f8d9fce00bbe61cef436

SHA256
8bbb643a556d47d0cb2cd7e7f5002fcd071de5bf4805cc375acdd91b312a65c1

SHA512
c494c18d625ae9da9e0471c9b305e79d46281a843e3f80f5433dbb72a5b175465f75bf95fd6c018ebfc919964543a1dd6acd1eb33de04a7cf9059d0ec470651f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads