26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8e

Analysis

max time kernel
119s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-10-2024 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe
Size

468KB
MD5

a2bffb1fd21199d42a71baeb96b97450
SHA1

364920600494984a846f29395047ce2e07cfcb9b
SHA256

26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8e
SHA512

86b73946ade49bde80997f1f1c9620a59900f91682c240924d2f2eecd4267751b6f3b0beb416ddc38d397face5ca96992aec1f55faa6b32f31750348a63a5f6a
SSDEEP

3072:dbMIog5wP88U2aYVPzivff8/MC7AZ4pxhdHeZVXW7SXNfNJTQuYA:dbHonRU2dPevffFE0y7S9FJTQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
452	Unicorn-54046.exe
2052	Unicorn-45022.exe
1028	Unicorn-844.exe
2492	Unicorn-17534.exe
4400	Unicorn-46677.exe
1560	Unicorn-1005.exe
1920	Unicorn-44076.exe
5016	Unicorn-27054.exe
4272	Unicorn-53980.exe
4848	Unicorn-43774.exe
3528	Unicorn-43774.exe
3848	Unicorn-43774.exe
756	Unicorn-56581.exe
4480	Unicorn-10644.exe
4808	Unicorn-62636.exe
2896	Unicorn-3229.exe
2516	Unicorn-32948.exe
3204	Unicorn-5725.exe
1512	Unicorn-18916.exe
4292	Unicorn-28507.exe
4468	Unicorn-37438.exe
1400	Unicorn-29270.exe
5100	Unicorn-53701.exe
1428	Unicorn-45798.exe
4104	Unicorn-17764.exe
2568	Unicorn-50437.exe
1004	Unicorn-64172.exe
1688	Unicorn-37630.exe
4356	Unicorn-63198.exe
3408	Unicorn-30453.exe
1644	Unicorn-30718.exe
4600	Unicorn-59861.exe
2660	Unicorn-63390.exe
2408	Unicorn-32947.exe
3604	Unicorn-21590.exe
456	Unicorn-13421.exe
3632	Unicorn-2108.exe
768	Unicorn-42844.exe
2216	Unicorn-48974.exe
2680	Unicorn-16110.exe
4516	Unicorn-39462.exe
4020	Unicorn-6597.exe
2272	Unicorn-63204.exe
4444	Unicorn-14188.exe
2424	Unicorn-19788.exe
3620	Unicorn-28148.exe
4528	Unicorn-31678.exe
3936	Unicorn-44677.exe
4816	Unicorn-64277.exe
1516	Unicorn-21310.exe
4360	Unicorn-47852.exe
1700	Unicorn-31707.exe
3540	Unicorn-17972.exe
552	Unicorn-62918.exe
2644	Unicorn-30822.exe
4448	Unicorn-10956.exe
3160	Unicorn-37188.exe
1908	Unicorn-8045.exe
4368	Unicorn-45741.exe
3948	Unicorn-57630.exe
4092	Unicorn-39950.exe
4868	Unicorn-39950.exe
4284	Unicorn-39950.exe
3520	Unicorn-15638.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3252	1400	WerFault.exe	108
10732	5912	WerFault.exe	278
16168	11724	WerFault.exe	593
15752	16204	WerFault.exe	771

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3229.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	15980	dwm.exe
Token: SeChangeNotifyPrivilege	15980	dwm.exe
Token: 33	15980	dwm.exe
Token: SeIncBasePriorityPrivilege	15980	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe
452	Unicorn-54046.exe
2052	Unicorn-45022.exe
1028	Unicorn-844.exe
4400	Unicorn-46677.exe
1560	Unicorn-1005.exe
1920	Unicorn-44076.exe
2492	Unicorn-17534.exe
5016	Unicorn-27054.exe
4480	Unicorn-10644.exe
4272	Unicorn-53980.exe
3848	Unicorn-43774.exe
3528	Unicorn-43774.exe
756	Unicorn-56581.exe
4848	Unicorn-43774.exe
4808	Unicorn-62636.exe
2896	Unicorn-3229.exe
2516	Unicorn-32948.exe
3204	Unicorn-5725.exe
1512	Unicorn-18916.exe
4468	Unicorn-37438.exe
4292	Unicorn-28507.exe
5100	Unicorn-53701.exe
1400	Unicorn-29270.exe
1688	Unicorn-37630.exe
4104	Unicorn-17764.exe
2568	Unicorn-50437.exe
1004	Unicorn-64172.exe
1428	Unicorn-45798.exe
4356	Unicorn-63198.exe
1644	Unicorn-30718.exe
4600	Unicorn-59861.exe
3408	Unicorn-30453.exe
2660	Unicorn-63390.exe
2408	Unicorn-32947.exe
3604	Unicorn-21590.exe
456	Unicorn-13421.exe
3632	Unicorn-2108.exe
768	Unicorn-42844.exe
2680	Unicorn-16110.exe
4516	Unicorn-39462.exe
2216	Unicorn-48974.exe
4444	Unicorn-14188.exe
2424	Unicorn-19788.exe
4020	Unicorn-6597.exe
2272	Unicorn-63204.exe
4528	Unicorn-31678.exe
4816	Unicorn-64277.exe
3620	Unicorn-28148.exe
3936	Unicorn-44677.exe
1516	Unicorn-21310.exe
4360	Unicorn-47852.exe
1700	Unicorn-31707.exe
3540	Unicorn-17972.exe
552	Unicorn-62918.exe
4448	Unicorn-10956.exe
2644	Unicorn-30822.exe
3160	Unicorn-37188.exe
1908	Unicorn-8045.exe
4368	Unicorn-45741.exe
3520	Unicorn-15638.exe
4868	Unicorn-39950.exe
3948	Unicorn-57630.exe
4092	Unicorn-39950.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3392 wrote to memory of 452	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	82
PID 3392 wrote to memory of 452	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	82
PID 3392 wrote to memory of 452	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	82
PID 452 wrote to memory of 2052	452	Unicorn-54046.exe	83
PID 452 wrote to memory of 2052	452	Unicorn-54046.exe	83
PID 452 wrote to memory of 2052	452	Unicorn-54046.exe	83
PID 3392 wrote to memory of 1028	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	84
PID 3392 wrote to memory of 1028	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	84
PID 3392 wrote to memory of 1028	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	84
PID 2052 wrote to memory of 2492	2052	Unicorn-45022.exe	85
PID 2052 wrote to memory of 2492	2052	Unicorn-45022.exe	85
PID 2052 wrote to memory of 2492	2052	Unicorn-45022.exe	85
PID 452 wrote to memory of 4400	452	Unicorn-54046.exe	86
PID 452 wrote to memory of 4400	452	Unicorn-54046.exe	86
PID 452 wrote to memory of 4400	452	Unicorn-54046.exe	86
PID 1028 wrote to memory of 1560	1028	Unicorn-844.exe	87
PID 1028 wrote to memory of 1560	1028	Unicorn-844.exe	87
PID 1028 wrote to memory of 1560	1028	Unicorn-844.exe	87
PID 3392 wrote to memory of 1920	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	88
PID 3392 wrote to memory of 1920	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	88
PID 3392 wrote to memory of 1920	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	88
PID 4400 wrote to memory of 5016	4400	Unicorn-46677.exe	93
PID 4400 wrote to memory of 5016	4400	Unicorn-46677.exe	93
PID 4400 wrote to memory of 5016	4400	Unicorn-46677.exe	93
PID 452 wrote to memory of 4272	452	Unicorn-54046.exe	94
PID 452 wrote to memory of 4272	452	Unicorn-54046.exe	94
PID 452 wrote to memory of 4272	452	Unicorn-54046.exe	94
PID 1920 wrote to memory of 3528	1920	Unicorn-44076.exe	95
PID 1920 wrote to memory of 3528	1920	Unicorn-44076.exe	95
PID 1560 wrote to memory of 4848	1560	Unicorn-1005.exe	96
PID 1920 wrote to memory of 3528	1920	Unicorn-44076.exe	95
PID 1560 wrote to memory of 4848	1560	Unicorn-1005.exe	96
PID 1560 wrote to memory of 4848	1560	Unicorn-1005.exe	96
PID 2492 wrote to memory of 3848	2492	Unicorn-17534.exe	97
PID 2492 wrote to memory of 3848	2492	Unicorn-17534.exe	97
PID 2492 wrote to memory of 3848	2492	Unicorn-17534.exe	97
PID 1028 wrote to memory of 756	1028	Unicorn-844.exe	98
PID 1028 wrote to memory of 756	1028	Unicorn-844.exe	98
PID 1028 wrote to memory of 756	1028	Unicorn-844.exe	98
PID 3392 wrote to memory of 4480	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	99
PID 3392 wrote to memory of 4480	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	99
PID 3392 wrote to memory of 4480	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	99
PID 2052 wrote to memory of 4808	2052	Unicorn-45022.exe	101
PID 2052 wrote to memory of 4808	2052	Unicorn-45022.exe	101
PID 2052 wrote to memory of 4808	2052	Unicorn-45022.exe	101
PID 5016 wrote to memory of 2896	5016	Unicorn-27054.exe	102
PID 5016 wrote to memory of 2896	5016	Unicorn-27054.exe	102
PID 5016 wrote to memory of 2896	5016	Unicorn-27054.exe	102
PID 4400 wrote to memory of 2516	4400	Unicorn-46677.exe	103
PID 4400 wrote to memory of 2516	4400	Unicorn-46677.exe	103
PID 4400 wrote to memory of 2516	4400	Unicorn-46677.exe	103
PID 3848 wrote to memory of 3204	3848	Unicorn-43774.exe	104
PID 3848 wrote to memory of 3204	3848	Unicorn-43774.exe	104
PID 3848 wrote to memory of 3204	3848	Unicorn-43774.exe	104
PID 2492 wrote to memory of 1512	2492	Unicorn-17534.exe	105
PID 2492 wrote to memory of 1512	2492	Unicorn-17534.exe	105
PID 2492 wrote to memory of 1512	2492	Unicorn-17534.exe	105
PID 3528 wrote to memory of 4468	3528	Unicorn-43774.exe	107
PID 3528 wrote to memory of 4468	3528	Unicorn-43774.exe	107
PID 3528 wrote to memory of 4468	3528	Unicorn-43774.exe	107
PID 3392 wrote to memory of 4292	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	106
PID 3392 wrote to memory of 4292	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	106
PID 3392 wrote to memory of 4292	3392	26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe	106
PID 4272 wrote to memory of 1400	4272	Unicorn-53980.exe	108

C:\Users\Admin\AppData\Local\Temp\26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe
"C:\Users\Admin\AppData\Local\Temp\26499152fd1406c5b38dbf9707f33606be623e8f5b5c8ad307eb443f01b10f8eN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54046.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        8⤵
        Executes dropped EXE
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        9⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        10⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        10⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        9⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        9⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38278.exe
        9⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
        9⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        8⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
        8⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        8⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        9⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        9⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        8⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33701.exe
        8⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        8⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        8⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        8⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        7⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        7⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        9⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        9⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
        9⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        9⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        10⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        9⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        9⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        8⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        8⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24412.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        8⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        8⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        8⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
        7⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        7⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        8⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        8⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        8⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        7⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
        6⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        6⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        9⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        9⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36052.exe
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63182.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
        8⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        8⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        9⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        8⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31443.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        8⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        7⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
        6⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        7⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        8⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        8⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        8⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60669.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        7⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        7⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        7⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        6⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        7⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        6⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        9⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        9⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        8⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
        8⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        6⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        7⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        6⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        5⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        6⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
        5⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
        5⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
        5⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        8⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        8⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
        8⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        8⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        7⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        8⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        7⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11724 -s 424
        8⤵
        Program crash
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        7⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        7⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        7⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
        6⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        7⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        7⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
        7⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        6⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49222.exe
        6⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        6⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 488
        7⤵
        Program crash
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        5⤵
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        6⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45484.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        5⤵
        
        PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        8⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        7⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
        7⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47462.exe
        7⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
        6⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        6⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        6⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        6⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        6⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        5⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        5⤵
        
        PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30950.exe
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        7⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        6⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        5⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22725.exe
        5⤵
        
        PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
      4⤵
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        5⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        5⤵
        
        PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        5⤵
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8813.exe
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
      4⤵
      PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
      4⤵
      PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
      4⤵
      PID:15216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27054.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        9⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        10⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        10⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        10⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        9⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        9⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        9⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
        9⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        9⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
        8⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        8⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63004.exe
        8⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
        7⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        7⤵
        
        PID:14412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
        9⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64909.exe
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        8⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        8⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        8⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15219.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        7⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60830.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        7⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        7⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10359.exe
        6⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        8⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        7⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        7⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        7⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23748.exe
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        8⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        8⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        7⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16860.exe
        6⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65108.exe
        6⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2875.exe
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        7⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        6⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        5⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
        7⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        6⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        6⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        5⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        5⤵
        
        PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61974.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        9⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
        9⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
        9⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1572.exe
        8⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        8⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        7⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        7⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        7⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        7⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62020.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        6⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
        8⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        7⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        7⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
        7⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        7⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21235.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        6⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12035.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
        5⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
        5⤵
        
        PID:15520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        5⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        7⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52813.exe
        6⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
        6⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        5⤵
        
        PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38278.exe
        6⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        6⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        5⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        5⤵
        
        PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
      4⤵
      PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41174.exe
        5⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        5⤵
        
        PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 632
        5⤵
        Program crash
        
        PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        6⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        7⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20331.exe
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
        6⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        6⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        6⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        5⤵
        
        PID:16952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32030.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
        6⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        6⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        5⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        5⤵
        
        PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        5⤵
        
        PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
      4⤵
      PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
      4⤵
      PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
      4⤵
      PID:15700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16110.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        5⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        6⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        7⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        6⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        6⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60254.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20524.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
      4⤵
      PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
        5⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        7⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
        6⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        5⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        5⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        5⤵
        
        PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
      4⤵
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
      4⤵
      PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
      4⤵
      PID:6512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        6⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        5⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        6⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
        5⤵
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        5⤵
        
        PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
      4⤵
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
      4⤵
      PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46300.exe
    3⤵
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        5⤵
        
        PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
      4⤵
      PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
      4⤵
      PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
      4⤵
      PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
    3⤵
    PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
      4⤵
      PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
      4⤵
      PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
    3⤵
    PID:9872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
    3⤵
    PID:14196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
    3⤵
    PID:6564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-844.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-844.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        9⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        9⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        9⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        9⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16196.exe
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        8⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        8⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23748.exe
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        8⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
        9⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        8⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        8⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        8⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        7⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        7⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        9⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        9⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        8⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        8⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        7⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        7⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        7⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        6⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        6⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        6⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28148.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40996.exe
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
        8⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        7⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38662.exe
        7⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        7⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        7⤵
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        6⤵
        
        PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-483.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44110.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        7⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        6⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
        5⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        6⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        9⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
        8⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        8⤵
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        7⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        7⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
        6⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        7⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
        6⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        6⤵
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        5⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6389.exe
        5⤵
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
        5⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45254.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
        7⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        5⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57597.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        6⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
        5⤵
        
        PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
      4⤵
      PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
        5⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        5⤵
        
        PID:904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
      4⤵
      PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62550.exe
      4⤵
      PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
      4⤵
      PID:15348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        7⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        7⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        5⤵
        
        PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        7⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28820.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        6⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        6⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        6⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
        5⤵
        
        PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18830.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        6⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
        6⤵
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26075.exe
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        5⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        5⤵
        
        PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        5⤵
        
        PID:15568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
      4⤵
      PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
      4⤵
      PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
      4⤵
      PID:12348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        7⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        6⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21083.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        5⤵
        
        PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3069.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        5⤵
        
        PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        5⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        5⤵
        
        PID:372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
      4⤵
      PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
      4⤵
      PID:6472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
      4⤵
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        6⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        6⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
        5⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
      4⤵
      PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        5⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        6⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        5⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        5⤵
        
        PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
      4⤵
      PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
      4⤵
      PID:15532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
      4⤵
      PID:5288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
    3⤵
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9540.exe
      4⤵
      PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
      4⤵
      PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
      4⤵
      PID:1208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
    3⤵
    PID:7444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
    3⤵
    PID:10352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
    3⤵
    PID:15192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        6⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        9⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        8⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1027.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        8⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        8⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
        7⤵
        
        PID:16204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16204 -s 448
        8⤵
        Program crash
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        7⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        7⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        7⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        7⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5131.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
        5⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        7⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        6⤵
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54884.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        6⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        6⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        5⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        5⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        7⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        7⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25723.exe
        6⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
        6⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        5⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1195.exe
        5⤵
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        6⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32900.exe
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5475.exe
        5⤵
        
        PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
        5⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        5⤵
        
        PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20203.exe
      4⤵
      PID:9472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
      4⤵
      PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
      4⤵
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        6⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        5⤵
        
        PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54261.exe
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        5⤵
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
      4⤵
      PID:10772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
      4⤵
      PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      4⤵
      PID:3736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
      4⤵
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        6⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        5⤵
        
        PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
      4⤵
      PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
      4⤵
      PID:6584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
    3⤵
    PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
      4⤵
      PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
      4⤵
      PID:10452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
      4⤵
      PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
      4⤵
      PID:16548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
    3⤵
    PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
      4⤵
      PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24995.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59117.exe
    3⤵
    PID:10140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
    3⤵
    PID:13840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
    3⤵
    PID:4252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        7⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50184.exe
        6⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
        5⤵
        
        PID:11544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        5⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        5⤵
        
        PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        5⤵
        
        PID:16268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
      4⤵
      PID:5140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53716.exe
    3⤵
    PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        5⤵
        
        PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56549.exe
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
      4⤵
      PID:13720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
      4⤵
      PID:1184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
    3⤵
    PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
      4⤵
      PID:15016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
      4⤵
      PID:8036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
    3⤵
    PID:10996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
    3⤵
    PID:15236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
    3⤵
    PID:17212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
    3⤵
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
      4⤵
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        5⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2371.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
      4⤵
      PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
      4⤵
      PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
    3⤵
    PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
      4⤵
      PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
      4⤵
      PID:8716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13107.exe
    3⤵
    PID:9712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
    3⤵
    PID:13340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
    3⤵
    PID:8512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
  2⤵
  PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
    3⤵
    PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52829.exe
      4⤵
      PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
      4⤵
      PID:7192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
    3⤵
    PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1276.exe
      4⤵
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
    3⤵
    PID:13648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
    3⤵
    PID:8888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32043.exe
  2⤵
  PID:6920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
    3⤵
    PID:10404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
    3⤵
    PID:14824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
    3⤵
    PID:6296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:9684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
  2⤵
  PID:10792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
  2⤵
  PID:15348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
  2⤵
  PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1400 -ip 1400
1⤵
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5912 -ip 5912
1⤵
PID:10284

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe

Filesize
468KB

MD5
979c8bb9666b2aa045def5345037529f

SHA1
ea76d12fa4098b56a9028d0de809b1402d441bfc

SHA256
e4ea4b48f16a4d785794e6f1b8c4d71e378e6ad67ffaa7b067f98af94da20fce

SHA512
787efb3e01d3e41dd3eff6fc135e0d705e4a87d4184627d556256a395d650193618182bda671972df54e2a943e0fe77397d4e46f1eace2e3d1b0ee07fbd06fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe

Filesize
468KB

MD5
e586b5274403dd23ce3092fb7d175fbf

SHA1
aa669a541b302ba10858b0ce50c60d03cbef2d61

SHA256
9adfe87debb9fe7086a01ff46124f37868cb7af373b0511d9d64d6d5fdf5c08e

SHA512
e6bd31246ecb4e09ef48bf4d7ab91d4cb1539129a3f45e39fe0e95f6446b05163d1eb938a2a7c3880362f3ea969465c701b78278f30393435744d424717aa679

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe

Filesize
468KB

MD5
e2b9848a40933a36f8ccce2bf2f4fe5c

SHA1
ae2321792efa0dfdd6c491d767f5254a2b9a6e68

SHA256
29f5923bad2e1d9284d5e4599db08a61fd941e7788955e238ba754c8172fdafa

SHA512
bcd298dd74e8355fb16e1a5dd70ee0d23d57b84b23b7f876f8a6456897820ea8449a40a11155729e727076510cf6f0ebfc1a605885a7fc92549a961a74da12be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe

Filesize
468KB

MD5
740fb8fe8ec9a43289bc3447fddbbbf5

SHA1
4691291d16dfd2fd50df3c006db52ebc4b43ef3e

SHA256
5d8d8c99c360e0c16bfb8e50cadb7af07066c1d654ac54ac9812cab7f157b58b

SHA512
a9a5546dd16b33f3e479c45e028a5dd3a461d65639dbe6c196f73712b6630add0c02d979b55d475ad65a6f599e771f2146903b6a19287a3434e50f450d6f35ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe

Filesize
468KB

MD5
d82c28a4bec0b621840c4dea1e39396e

SHA1
14ee18c307fc5c95b43cd969e8154d38ff8c4350

SHA256
4eb13a138237e72bc32de28d4d94dc07b1f3dc4d80e2d7206fa288598278e360

SHA512
941697642eb4db6983e1064711239a79f44bfa3213bb7681a17f5b7c45938ae192cf2be37c5731150be99b52aaa2acd46f257551d94391eecaeb11d4bd8cbd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe

Filesize
468KB

MD5
987f66acc939f2c80bcb499dd8eee06e

SHA1
d0fd04c7a4a37920d5387e7d4d0c48856fc3d56d

SHA256
f7def0b58f26cca24b06b73fa17e3fef437eda6918f7c4330b3e7218c0b8b36b

SHA512
e8b3dbdb22a0294279d76f19c8d88433d9217bb7d1119b1f2a2be2cd6671503a56929089f4de645c21deae12c11cb7b588a8a352a262df8b785bc931c8a76f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27054.exe

Filesize
468KB

MD5
65f63c9d00fcc5d9a69880ae0d2312f7

SHA1
c619e9b484e237e4f234883ed531222c852848a0

SHA256
f283772ca6c55c6a593741fae950cc681080feecf88d44f46ce5747b05238b84

SHA512
ed583731317287e4626aa3137c28cdcf2472d7a16c0e196e9389e115c44828cda6f2f89d67a8b7a9c44b99ace322984bbdd330498586b09fee98a9fcc9d19ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe

Filesize
468KB

MD5
0501164c6ef030e32bceca2ee173cd7e

SHA1
9074dcb8925cd3b62d726054f52d159db629dde1

SHA256
5e02103ff3acb7dca4c47dbf2539d79395a3a299da8d5ee6a96cf4b0431e11b9

SHA512
56dba2debe108f9147e5cff02da49119c058e630971465a10f2d7dbaf7f29d451c28cd806c6a39c7b6c0ebea0ea1c04d6724c7179175c2850ed3ca6829d4585a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe

Filesize
468KB

MD5
fc98244a8c8a8f0eb4ef4b3331a6903a

SHA1
8981de33e26feb24e606410b4bf842f1b104f1e7

SHA256
43ed7f1e9a8ecd507e32e16dbb509ca991e5e78553c1ec6747e0d136c09407ba

SHA512
d73d5234731cf18b4a7b80cfe099e72b29b752720ac204e145c3ec837e1b3c06d3f6890040cfa3c801924196880107763077b60ce805d6879c0c8553ab7c0231

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe

Filesize
468KB

MD5
1dcde3b204b1966ae5879fd460396c2b

SHA1
82be1c3ae6829f4264bd3e846931ab14f596c9a7

SHA256
23687831450847f9a4ab650c4154d58ea44c9cf075bbc139a834fb1c0a4b1cf5

SHA512
70f57adc460036f38b77baee642bd009e68359976c6855477a280dcfffa916d6aac3f8b38004e53e6c9f405bb11a4456839865acdb92eae71cd24d53e19cef88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe

Filesize
468KB

MD5
2d76bfb2156983558484ca98bec88f07

SHA1
adad02dd0eb8ac9cdb16cda2d72ac1554e5e803a

SHA256
17aa3e84cc3560e4bbf085ae81c7e17c1bf6514f17989d6f5f11e223b1a13a0d

SHA512
0abcf5e6387dfb016dcf56efa9761b0d8d7261aef090ca17291780c87bad89c9b02dd91986f10ca74bd655fd96a77d488a2443aeb68677dc23fe8228b29a4ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe

Filesize
468KB

MD5
774261d689aac4c1704d4d4f7e67848c

SHA1
8efe0e076b45ec26ec36600c3543850afce301ae

SHA256
09c69a32a47c06a57f9e52f4fbd50d30a2c7654812a3986032e58569f3391cb7

SHA512
90ac68b11225a60acde250ae446c95a8f05b83ed1704f09d5b546586e381c7b81f33e6778216557b45f388ea0e362c4a1f01aeced244bfe1e59a143fd45006bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe

Filesize
468KB

MD5
373086e2d4bac8133664caca22e43619

SHA1
30e6402289ab6ec2e942b0bbd05c68fe641658ac

SHA256
30eac5e1ac1371609dff3d60c1b417b73d9239e23158e7e6af4f018801e8da1f

SHA512
4a3ed7c5e5c95ed2bfec11a8c0c7ba9332a57e3b79ff42ee0023faae987bbb3179de1f92e53f8f5de1705fcffb80437d0dd6e1fa30c48bbf9333a465db940351

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe

Filesize
468KB

MD5
c8081b5c0231ea2f4d003dc4b7f1e902

SHA1
d7866fd7760a282bc7151255f54d3860043a906d

SHA256
61e4ea6aab78a0bd7910b5d278475f1a045f338e7b513e97a61462a21fa3bb0b

SHA512
48ca2a8d8b616d0281d63b8613e204067487ef02de168a1275886d5411ddbf568ebd3d6658957107db892657ede85427b35428416d1ae2fe08872d444e747570

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe

Filesize
468KB

MD5
e637211c3ebac4c2b660122f0161f93c

SHA1
3e86afdfd85790dd077e304c52cc241d6fff1da2

SHA256
89bc003da27a3231e4fb4ad8996a06a3564a5b898636ecc0a3f51834b5186ede

SHA512
8eab7f0966aa6cb9d246caf6ea842d652bf60e5b5c3d9323e5681a5cec9563cfa77c1c48ffbbda8636f5c8036e40fa30c4fa30362648cc677b84f05f456ae785

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe

Filesize
468KB

MD5
7590603fb473b4cbd2c7858c8ff76c81

SHA1
d4af5e2a4330732adb6317f1969a1ccb5c5447fe

SHA256
e9a208878c9b9ff0d6a933af077f5c1ec4cc618a17f1400d974e2b7f30302b80

SHA512
08c890d1862f474a73d1b06d036a80c499d9b099faa823e0f0ac59a25c2c06d31a0756871291b3cd17d7846d13a412b8d33f50149fca46eb4955c0fe426c18cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe

Filesize
468KB

MD5
428b527f783f951f609684671ed742c6

SHA1
b491ac9e74d01f945b18ead68fa8d1f03870779a

SHA256
98269e942843ef75801117483c9728d789ad13e3f6e040ecbcd9bd6b533882e9

SHA512
2bd5d28b4897a69af56f9098ba3c678a6038a27657a6a745f83aad21f6b14c68f853c4aa4b0fd599c87a341608271dcac18c9e016cf5107bfdce92a053ecad39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe

Filesize
468KB

MD5
3980891e603523e36aa144f13eb61c01

SHA1
b8e08f538b770b3f9d8041a11f1f30ede92dff50

SHA256
3a829ce11ed944b4509c129073ec32c438f03bec15ec6779256dc31839649473

SHA512
532e652b24102b5cb10e5d044ce9caf4436e4bc80d5260fa63b144c50cb27268c42265eab6788c5e6c3df1438c46116252321741f0709f238e3b6adc3d6a924a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe

Filesize
468KB

MD5
34d0527701decf7ae321a0b525113c28

SHA1
b3c51afba610bdc1c9296d2a0e4f912bd63b4bda

SHA256
e3925e72ebe2124183d9d37a74ab6baebccc776693cea470531ddf645b4461c6

SHA512
6e5673cae8c4ca1708de57ed15b6f0b2aa3144f783c9f9fdaf424ab7c582fb247148301ad8a5510dbd74e6ad40c70e46b01b089c6c7e301de03ab253836b728d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe

Filesize
468KB

MD5
898f6f6198bdca446ca7ea9dd18cb12e

SHA1
2a18dd2ffb3c28f8680b9934eda8fbf4337701e6

SHA256
7d72cd9e8ecb5b626c4e6a7a8e88a1ba4c62a52deed1ac9b9a63d9839bdf22f0

SHA512
9241a0e85b00a018bf44357cedcc4692a6a5185275ee4439bb02e00f55a29f13b2380d45c7f32972332eeb2e45e9cc7b06bcbe5403af9766759cd00d006d0dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe

Filesize
468KB

MD5
e7baed152b121103718bb4d4efda566e

SHA1
3e2589d1949ebcc0e462120561f35115171f1131

SHA256
ee0a9f2e46cec4d3306325cb367505a3804af60301b67c6325d1be4cafefa581

SHA512
65aefe2bc273b52df178b261a13afa951738eb76917f8c36adb53e8670e89bc69c54434e7b4342c9c2cd59db20f47bf4acd3c12a679a59c35e61063288f635de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe

Filesize
468KB

MD5
6a746c5935b0c770b7776286597415fe

SHA1
1791bb03ec9a57b952a80df37df00de731fced62

SHA256
cd00a3ea08cbe46f90f94f26494eb12725eca1253aa56e71ea7baa561385a9da

SHA512
d85eb4ff5ffc29dabbebf01e3d250b70129a6f9d6e51bae0c6b2846d325c2b71cdf2af3b32f9a60595e6900dc975dde91d58f4de7115bbec0160987ce02b9eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe

Filesize
468KB

MD5
b87238e0c41075b431f0ff4dd1eb5f01

SHA1
aaeb745254b5ddb3a8c08555fd14c34a24a01c5b

SHA256
949a9dea07fae380c008ef167878da0e9f18b0c057ac9b9d3110703f2ca81e80

SHA512
3bfd27e284bb93d450428d50a2ef58dbd6699d7f977eea8f5918173398478a6bd26404b0152c9626ce54209909a6036c5a6acdc775f70ffc4473eddee9f5b056

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe

Filesize
468KB

MD5
a7eb97f56563348fc93c44f4fb6afb0f

SHA1
745d0b3bd5e535c3e3cf38a40aeaec85a320d786

SHA256
c7e7e6e6472c7cc64e91cef0e073101db6cef1536e73e5e47ff9969dda872733

SHA512
eccc0460e7f9d5fe5377a98ce5a00a646af9ecc4c286ce112aea492bbba702a0553bb98c0472441bb847655d9ce6713e024af85e5123cf1c83f35b457a09c2d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe

Filesize
468KB

MD5
b8250d9b279a44cac02ee6cad604b724

SHA1
678c04fc99bf36927e955f607eb0428f93780074

SHA256
6132cb8b12c1c69b05fe8d0d70c4889da5a475db43d8d99eb9207dc52890da1a

SHA512
8857dcad1f694d839ed344a264ed21e48ad16655936b3b22563ed1cbebe94079f49d7e4e29091f0a21e07d9b906c67085624621f935662e66dbf5c8ba02d94ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe

Filesize
468KB

MD5
52db9140b48eaf819790aad96705829c

SHA1
97652acc12907956fdf56fcb5909c9725c0a4eb9

SHA256
c50e7c9ad7b2088e161238e1aecc433d2cd4477fd29422d570392f719b12baaf

SHA512
986fef091898235faaae5cab2e43e94256b3dbb4d6de154e81017558c1cb2d4ee2214de4cbe0f86ccc68d52f99495a8e68972db6e0510e2d09c9e5bdebdebcb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe

Filesize
468KB

MD5
e2a835d3ecbde581ce1c4a4090f31b48

SHA1
216008cf3942e208e3d4246fc196b0fec4d0642f

SHA256
338cea3c59575924edf631ab7dd230036d01854b7fff75e309fc66eddea81aaf

SHA512
7ea7ec341cf147860aaa4f14df1867e127d36a82cf02974ce3ad878df7d76360475e07ec9ce09e57c15fd41fb027052e211277492d10b8efa3afd22c8d9800a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54046.exe

Filesize
468KB

MD5
1419119d68e1f60371452892671ee955

SHA1
756b33fba3d6b29ba0387b1f6f5d232455195681

SHA256
c92561aee8833afc26f6c1f096e68fa2d3730b1bb64408eb7fafa1a110fd481a

SHA512
08a2ed54dcf373e973977800ba3d95c63e2398f1e10ef1da79203b662acb42696a3fb5f71e90fe731bcc7e1f26dd68ceddc889af877dbe42d6b4e1018f1a6dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe

Filesize
468KB

MD5
b5376c768761ae3b793f03755b8a2a5f

SHA1
ecf57d52e76396760489cab9daffda99bf5927cd

SHA256
2ea502f236457fa7d11ccf4cb12f90c4fd79d985f42478cbd400bc9039c5d2b5

SHA512
89a5944f4152f19c7ee700d4d094432157970e58fa4b3c8a5714f099fc8e90d86a06268bc68cfa7ff495d5c31824eb1cf09cae26caa5d4e0c6701a07879e4a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe

Filesize
468KB

MD5
b241e6bfc19ed9b887f408084e7dde02

SHA1
b0e0ea914c04f277cd4f2b7acde9a6158c9b4485

SHA256
7056e5321d635de6d029f811cda6fb5a7b9f29eefc6a11cf911426a05430d2f7

SHA512
2d7b58a79628206237f9081b4d8bbff61a7f1ca00b44eb4def62fcff52586bb497a49a578c95319ac3ad8304dfb2d8c90a2e5c46750ae43f6adc97d42c9fd4d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe

Filesize
468KB

MD5
86d05417f4994af5233e775e62872919

SHA1
858333b08fdf791c1df2ff8bf26e39c3016410ea

SHA256
2a5ba6dfbfe126f3e0d5dcf2bddfd78cbac8a07d7af3c51c9d97ad88401e00d0

SHA512
bdbb7c95971a52b944183284a83d1589a344383e966fe461162d88798c78148c9c8331d5f390eea81322c9c4c438c708eb4c49c89406012f6d430628db5b2591

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe

Filesize
468KB

MD5
8d94274f89c405f41c0a1e2916c637cd

SHA1
2c4e87e385c4d3860e02702a78f2d5ee3e003480

SHA256
2285cf8e1981d3e097f870bb13e24451ff758b6dbdd66a83c53a6986c198922d

SHA512
0ed3817378c6c2a5edfc4df55409ec9e786802d66984e87816f0f05eeb224476b44af9b13bd7f9deb33b29593aaa97ebeda4cd63360dce9d53631bbcf5ce51e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe

Filesize
468KB

MD5
1062bc89503f3feb84a973a8dddf703b

SHA1
ee02f8aababb774a81f27e2cc8b56ceac70ce0d8

SHA256
659bf596d24a751018cc9a62cbb0a6aa90142535132edc72addc71b433a09bc2

SHA512
cbd550138a953db6b9c07cd2d6d46f2e3b677cf3648e3a59cbd8f7b5d5935acac80585b0aec80deb5d771a57bc575af7896905cd4bde02246bd14acfeeb26496

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe

Filesize
468KB

MD5
79c0ca6a7eddca94added5ebe5b5ef2f

SHA1
6d340a5c0630479f9c3db8c9cd876d740949e082

SHA256
03ef830ea21f4b6ef6f67c48b03234e26479fffd2dea297284a9fcaac8a7bc25

SHA512
629f5e414d6b08b43b38174ca39ce22c0a022e3275b5f7b26db34d9f537bf7e2825c7f4a42277bc877a19395839cdf5ec9815197900faadf2a7427d370ab0300

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe

Filesize
468KB

MD5
527ec8c1237f11516c8f87379ede2686

SHA1
694297fcad154ee10e12432c9588efc96cb7a27d

SHA256
6aac58b0597a916c08faa4f0c716ee1d3c84163eb1b88a92999f41a2c3afa964

SHA512
ba8562d116013744d9d6e71d1fa5c0f1493f31b3138884c7fe4a7a5d769fd971e08a03bc4e768161b9e70ff92dc2144e46642bb324d8cf29e3fc5a300e033648

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-844.exe

Filesize
468KB

MD5
6f691b9dfb6dc32abbfdcaf63f817f60

SHA1
9d8921e479ecf6ba7ee34f4da32eb97581328428

SHA256
9d942d48b69b06d871fd5e5a4dad2c0f6d62bf7adb19ae727b8d0b26abd9a0e9

SHA512
bc3fef7370a90a633b0bc41f80729dac0198bdf2f32bfaf37f1de543026a49518b41e760325389b3053b2cd9202c1b719d9b98f9bca57c19d7e38d95dd483375

Download Submit
memory/8-506-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/452-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/456-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/552-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/756-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-258-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/940-448-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/972-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1004-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1008-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1236-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1400-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1400-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1428-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1512-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1516-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1560-41-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1644-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1692-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1700-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1868-526-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1908-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1920-42-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-579-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2044-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2052-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2216-261-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2272-281-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2408-229-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2420-447-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2424-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-542-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2492-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2516-112-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2568-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2644-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2660-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2896-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3160-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3204-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3300-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3392-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3408-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3512-504-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3520-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3540-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3604-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3620-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3632-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3948-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4012-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4020-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4044-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4092-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4104-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4272-65-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4292-145-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4348-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4356-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4360-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4400-40-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4444-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4448-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4468-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4480-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4488-509-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4516-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4528-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4708-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4784-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4808-102-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4816-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4848-75-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5000-535-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5016-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5036-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5100-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5128-553-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5168-554-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-555-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-556-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5200-570-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5224-571-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5232-572-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5244-574-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5256-578-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5592-587-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13708-2610-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/13952-2829-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14220-2927-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14412-2668-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/14696-2732-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15524-2609-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15564-2607-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15700-2875-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15704-2615-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16096-2611-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16204-2921-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads