263b18090aa32c4c62ed3fc0826b4e38bc372c8ecba17f11a5bfffebbc694869

Analysis

max time kernel
120s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

652ec4e693518bf17f221b68ba689370N.exe
Size

468KB
MD5

652ec4e693518bf17f221b68ba689370
SHA1

39d862cf050844d792a690fc9573ad33b4594458
SHA256

263b18090aa32c4c62ed3fc0826b4e38bc372c8ecba17f11a5bfffebbc694869
SHA512

35db19261f3af0660568a2d1c666270185096494bfaee6efddc084958b1f896139fc126c977bfcfc05485097f9570aab0ae1c13c883922d672f1e8162855abd1
SSDEEP

3072:bRcSogu1PU8hwbY4PzrjOf8F6C58SZpCndH2ZVTdszf33VjNESl4:bRZoVZhwvPPjOfIv5FszfFjNE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3200	Unicorn-27386.exe
3648	Unicorn-8693.exe
2144	Unicorn-17416.exe
4872	Unicorn-60258.exe
4572	Unicorn-32224.exe
4280	Unicorn-24462.exe
2968	Unicorn-18331.exe
2708	Unicorn-2453.exe
4776	Unicorn-64461.exe
3668	Unicorn-5961.exe
4976	Unicorn-30201.exe
4008	Unicorn-18214.exe
4080	Unicorn-36588.exe
1920	Unicorn-34550.exe
1844	Unicorn-39188.exe
1588	Unicorn-20482.exe
3704	Unicorn-12313.exe
4676	Unicorn-38856.exe
3228	Unicorn-25120.exe
5024	Unicorn-58198.exe
4852	Unicorn-54669.exe
3660	Unicorn-45754.exe
2772	Unicorn-45754.exe
2444	Unicorn-42608.exe
1172	Unicorn-8924.exe
2364	Unicorn-54861.exe
2072	Unicorn-259.exe
4420	Unicorn-62474.exe
4748	Unicorn-27563.exe
1480	Unicorn-19854.exe
3760	Unicorn-16324.exe
4364	Unicorn-28022.exe
4232	Unicorn-19780.exe
3212	Unicorn-59032.exe
4532	Unicorn-65162.exe
1356	Unicorn-45297.exe
4140	Unicorn-44913.exe
4036	Unicorn-19662.exe
4404	Unicorn-8369.exe
640	Unicorn-36958.exe
4576	Unicorn-53657.exe
376	Unicorn-30443.exe
4980	Unicorn-24876.exe
764	Unicorn-62422.exe
4728	Unicorn-13221.exe
4792	Unicorn-37726.exe
4388	Unicorn-30112.exe
812	Unicorn-30112.exe
3784	Unicorn-399.exe
5072	Unicorn-62614.exe
4600	Unicorn-21582.exe
3948	Unicorn-17498.exe
408	Unicorn-29750.exe
400	Unicorn-33569.exe
2516	Unicorn-8368.exe
3604	Unicorn-39956.exe
3532	Unicorn-39956.exe
3908	Unicorn-2484.exe
4904	Unicorn-17690.exe
4760	Unicorn-30496.exe
4304	Unicorn-60952.exe
1064	Unicorn-54638.exe
1416	Unicorn-35142.exe
2156	Unicorn-35142.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
884	14576	WerFault.exe	717
7572	13912	WerFault.exe	655

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22879.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6612	dwm.exe
Token: SeChangeNotifyPrivilege	6612	dwm.exe
Token: 33	6612	dwm.exe
Token: SeIncBasePriorityPrivilege	6612	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
836	652ec4e693518bf17f221b68ba689370N.exe
3200	Unicorn-27386.exe
3648	Unicorn-8693.exe
2144	Unicorn-17416.exe
4872	Unicorn-60258.exe
2968	Unicorn-18331.exe
4572	Unicorn-32224.exe
4280	Unicorn-24462.exe
2708	Unicorn-2453.exe
4776	Unicorn-64461.exe
3668	Unicorn-5961.exe
4976	Unicorn-30201.exe
1844	Unicorn-39188.exe
4080	Unicorn-36588.exe
1920	Unicorn-34550.exe
4008	Unicorn-18214.exe
1588	Unicorn-20482.exe
3704	Unicorn-12313.exe
4676	Unicorn-38856.exe
3228	Unicorn-25120.exe
5024	Unicorn-58198.exe
4852	Unicorn-54669.exe
3660	Unicorn-45754.exe
2772	Unicorn-45754.exe
4748	Unicorn-27563.exe
1172	Unicorn-8924.exe
2444	Unicorn-42608.exe
2072	Unicorn-259.exe
4420	Unicorn-62474.exe
2364	Unicorn-54861.exe
1480	Unicorn-19854.exe
3760	Unicorn-16324.exe
4364	Unicorn-28022.exe
3212	Unicorn-59032.exe
4532	Unicorn-65162.exe
4232	Unicorn-19780.exe
1356	Unicorn-45297.exe
4140	Unicorn-44913.exe
4036	Unicorn-19662.exe
4404	Unicorn-8369.exe
640	Unicorn-36958.exe
4576	Unicorn-53657.exe
376	Unicorn-30443.exe
4980	Unicorn-24876.exe
4728	Unicorn-13221.exe
764	Unicorn-62422.exe
3784	Unicorn-399.exe
4792	Unicorn-37726.exe
4388	Unicorn-30112.exe
4600	Unicorn-21582.exe
5072	Unicorn-62614.exe
2516	Unicorn-8368.exe
812	Unicorn-30112.exe
3948	Unicorn-17498.exe
400	Unicorn-33569.exe
408	Unicorn-29750.exe
3604	Unicorn-39956.exe
3532	Unicorn-39956.exe
3908	Unicorn-2484.exe
4760	Unicorn-30496.exe
4904	Unicorn-17690.exe
4304	Unicorn-60952.exe
1064	Unicorn-54638.exe
2156	Unicorn-35142.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 3200	836	652ec4e693518bf17f221b68ba689370N.exe	89
PID 836 wrote to memory of 3200	836	652ec4e693518bf17f221b68ba689370N.exe	89
PID 836 wrote to memory of 3200	836	652ec4e693518bf17f221b68ba689370N.exe	89
PID 3200 wrote to memory of 3648	3200	Unicorn-27386.exe	93
PID 3200 wrote to memory of 3648	3200	Unicorn-27386.exe	93
PID 3200 wrote to memory of 3648	3200	Unicorn-27386.exe	93
PID 836 wrote to memory of 2144	836	652ec4e693518bf17f221b68ba689370N.exe	94
PID 836 wrote to memory of 2144	836	652ec4e693518bf17f221b68ba689370N.exe	94
PID 836 wrote to memory of 2144	836	652ec4e693518bf17f221b68ba689370N.exe	94
PID 3648 wrote to memory of 4872	3648	Unicorn-8693.exe	97
PID 3648 wrote to memory of 4872	3648	Unicorn-8693.exe	97
PID 3648 wrote to memory of 4872	3648	Unicorn-8693.exe	97
PID 3200 wrote to memory of 4572	3200	Unicorn-27386.exe	98
PID 3200 wrote to memory of 4572	3200	Unicorn-27386.exe	98
PID 3200 wrote to memory of 4572	3200	Unicorn-27386.exe	98
PID 2144 wrote to memory of 4280	2144	Unicorn-17416.exe	99
PID 2144 wrote to memory of 4280	2144	Unicorn-17416.exe	99
PID 2144 wrote to memory of 4280	2144	Unicorn-17416.exe	99
PID 836 wrote to memory of 2968	836	652ec4e693518bf17f221b68ba689370N.exe	100
PID 836 wrote to memory of 2968	836	652ec4e693518bf17f221b68ba689370N.exe	100
PID 836 wrote to memory of 2968	836	652ec4e693518bf17f221b68ba689370N.exe	100
PID 4872 wrote to memory of 2708	4872	Unicorn-60258.exe	101
PID 4872 wrote to memory of 2708	4872	Unicorn-60258.exe	101
PID 4872 wrote to memory of 2708	4872	Unicorn-60258.exe	101
PID 3648 wrote to memory of 4776	3648	Unicorn-8693.exe	102
PID 3648 wrote to memory of 4776	3648	Unicorn-8693.exe	102
PID 3648 wrote to memory of 4776	3648	Unicorn-8693.exe	102
PID 2968 wrote to memory of 3668	2968	Unicorn-18331.exe	103
PID 2968 wrote to memory of 3668	2968	Unicorn-18331.exe	103
PID 2968 wrote to memory of 3668	2968	Unicorn-18331.exe	103
PID 836 wrote to memory of 4976	836	652ec4e693518bf17f221b68ba689370N.exe	104
PID 836 wrote to memory of 4976	836	652ec4e693518bf17f221b68ba689370N.exe	104
PID 836 wrote to memory of 4976	836	652ec4e693518bf17f221b68ba689370N.exe	104
PID 4572 wrote to memory of 4008	4572	Unicorn-32224.exe	105
PID 4572 wrote to memory of 4008	4572	Unicorn-32224.exe	105
PID 4572 wrote to memory of 4008	4572	Unicorn-32224.exe	105
PID 3200 wrote to memory of 4080	3200	Unicorn-27386.exe	106
PID 3200 wrote to memory of 4080	3200	Unicorn-27386.exe	106
PID 3200 wrote to memory of 4080	3200	Unicorn-27386.exe	106
PID 4280 wrote to memory of 1920	4280	Unicorn-24462.exe	107
PID 4280 wrote to memory of 1920	4280	Unicorn-24462.exe	107
PID 4280 wrote to memory of 1920	4280	Unicorn-24462.exe	107
PID 2144 wrote to memory of 1844	2144	Unicorn-17416.exe	108
PID 2144 wrote to memory of 1844	2144	Unicorn-17416.exe	108
PID 2144 wrote to memory of 1844	2144	Unicorn-17416.exe	108
PID 2708 wrote to memory of 1588	2708	Unicorn-2453.exe	109
PID 2708 wrote to memory of 1588	2708	Unicorn-2453.exe	109
PID 2708 wrote to memory of 1588	2708	Unicorn-2453.exe	109
PID 4776 wrote to memory of 3704	4776	Unicorn-64461.exe	110
PID 4776 wrote to memory of 3704	4776	Unicorn-64461.exe	110
PID 4776 wrote to memory of 3704	4776	Unicorn-64461.exe	110
PID 3648 wrote to memory of 4676	3648	Unicorn-8693.exe	111
PID 3648 wrote to memory of 4676	3648	Unicorn-8693.exe	111
PID 3648 wrote to memory of 4676	3648	Unicorn-8693.exe	111
PID 4872 wrote to memory of 3228	4872	Unicorn-60258.exe	112
PID 4872 wrote to memory of 3228	4872	Unicorn-60258.exe	112
PID 4872 wrote to memory of 3228	4872	Unicorn-60258.exe	112
PID 3668 wrote to memory of 5024	3668	Unicorn-5961.exe	113
PID 3668 wrote to memory of 5024	3668	Unicorn-5961.exe	113
PID 3668 wrote to memory of 5024	3668	Unicorn-5961.exe	113
PID 2968 wrote to memory of 4852	2968	Unicorn-18331.exe	114
PID 2968 wrote to memory of 4852	2968	Unicorn-18331.exe	114
PID 2968 wrote to memory of 4852	2968	Unicorn-18331.exe	114
PID 4080 wrote to memory of 3660	4080	Unicorn-36588.exe	116

C:\Users\Admin\AppData\Local\Temp\652ec4e693518bf17f221b68ba689370N.exe
"C:\Users\Admin\AppData\Local\Temp\652ec4e693518bf17f221b68ba689370N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17690.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        10⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        10⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
        9⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
        9⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        9⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        9⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        9⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        9⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
        8⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37239.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
        10⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        10⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        10⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        9⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        9⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        9⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        8⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        8⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        8⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        9⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        9⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        9⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        8⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        8⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        8⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        8⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4713.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        7⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        9⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        10⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        10⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        10⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
        9⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        9⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        9⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        9⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
        8⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48885.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        9⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        9⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        8⤵
        
        PID:14576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14576 -s 440
        9⤵
        Program crash
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        8⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        7⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        7⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19906.exe
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        7⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        6⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        7⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        9⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        9⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        9⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        8⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        8⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        8⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        8⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        8⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32823.exe
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        7⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        8⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40460.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        7⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        7⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        6⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12197.exe
        8⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        8⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43797.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        7⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        7⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        7⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        7⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29465.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        6⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        6⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        5⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
        5⤵
        
        PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        9⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        9⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
        9⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        9⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        9⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        8⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        8⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        8⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        8⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        8⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        8⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52417.exe
        6⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        9⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        9⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39516.exe
        8⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        8⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        7⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        7⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        6⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4560.exe
        6⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        6⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        6⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        8⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        8⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        8⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        8⤵
        
        PID:16600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        7⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39708.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        7⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60653.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        6⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exe
        6⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        5⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        7⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        7⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        5⤵
        
        PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        7⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        6⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
        5⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        7⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        7⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        7⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
        6⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        6⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
        6⤵
        
        PID:512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        6⤵
        
        PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        5⤵
        
        PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34571.exe
      4⤵
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37830.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        5⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        5⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        5⤵
        
        PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        6⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        5⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        5⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        5⤵
        
        PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
      4⤵
      PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
      4⤵
      PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
      4⤵
      PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
      4⤵
      PID:7924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        9⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        9⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        9⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        8⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        8⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        8⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        8⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        8⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        8⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        7⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30233.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        6⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        6⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        7⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        7⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36064.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        6⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51789.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        7⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17547.exe
        7⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        6⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-357.exe
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        7⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        7⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        6⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        6⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        5⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        5⤵
        
        PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        6⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        5⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        5⤵
        
        PID:16752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
      4⤵
      PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
      4⤵
      PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11081.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
      4⤵
      PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        6⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
        9⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        9⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        8⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        8⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
        7⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        7⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        7⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        6⤵
        
        PID:13176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        6⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
        6⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
        6⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        5⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        6⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44294.exe
        6⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        6⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58560.exe
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        6⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        6⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        5⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        5⤵
        
        PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
      4⤵
      PID:13912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13912 -s 484
        5⤵
        Program crash
        
        PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
      4⤵
      PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
      4⤵
      PID:16044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16258.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41192.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        7⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        6⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        6⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        5⤵
        
        PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5152.exe
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60268.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        5⤵
        
        PID:15156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        5⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61450.exe
        5⤵
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        5⤵
        
        PID:16972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
      4⤵
      PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
      4⤵
      PID:15016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
      4⤵
      PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
        6⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
        5⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
      4⤵
      PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
        5⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        5⤵
        
        PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
      4⤵
      PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
      4⤵
      PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
    3⤵
    PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        5⤵
        
        PID:15944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
      4⤵
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
      4⤵
      PID:13956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
      4⤵
      PID:15572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
    3⤵
    PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
      4⤵
      PID:16012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
      4⤵
      PID:16520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
    3⤵
    PID:9804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
    3⤵
    PID:14288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
    3⤵
    PID:11100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        7⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        7⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        7⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        6⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47336.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        6⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49144.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        6⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        6⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
        6⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        5⤵
        
        PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        8⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        8⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55648.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        7⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        7⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53082.exe
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1097.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        7⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        6⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13144.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        7⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        7⤵
        
        PID:16528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        5⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        5⤵
        
        PID:16632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3813.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        6⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        5⤵
        
        PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
      4⤵
      PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
      4⤵
      PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
      4⤵
      PID:7916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52386.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        8⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        7⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        7⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        6⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        7⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42121.exe
        6⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21074.exe
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        7⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        7⤵
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        6⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
        6⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13274.exe
        6⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52128.exe
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        5⤵
        
        PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16258.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        6⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        5⤵
        
        PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30355.exe
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        6⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        6⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
      4⤵
      PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
      4⤵
      PID:17004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        6⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        7⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        6⤵
        
        PID:16308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
        6⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17684.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        6⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        5⤵
        
        PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        5⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55926.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        5⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        5⤵
        
        PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
      4⤵
      PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
      4⤵
      PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
      4⤵
      PID:5864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
        5⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13741.exe
        6⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        6⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        5⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      4⤵
      PID:13028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
      4⤵
      PID:3492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
      4⤵
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59117.exe
        5⤵
        
        PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
      4⤵
      PID:10400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
      4⤵
      PID:16432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
    3⤵
    PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
      4⤵
      PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
      4⤵
      PID:16568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
    3⤵
    PID:10856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
    3⤵
    PID:14420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
    3⤵
    PID:11076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        6⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        8⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        7⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        7⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        6⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
        5⤵
        
        PID:13496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        5⤵
        
        PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53694.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        7⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        7⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        6⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        6⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52734.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1036.exe
        6⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        5⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        5⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        5⤵
        
        PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        5⤵
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
      4⤵
      PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
      4⤵
      PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        5⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
        7⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
        6⤵
        
        PID:15588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        5⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
      4⤵
      PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        6⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        6⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        5⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        5⤵
        
        PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39818.exe
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        5⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
      4⤵
      PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59371.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
      4⤵
      PID:8048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        6⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21732.exe
        5⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        5⤵
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
      4⤵
      PID:13812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
      4⤵
      PID:5396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        5⤵
        
        PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
      4⤵
      PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
      4⤵
      PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
      4⤵
      PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
    3⤵
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
      4⤵
      PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
      4⤵
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
      4⤵
      PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
      4⤵
      PID:16868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20024.exe
    3⤵
    PID:8972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
    3⤵
    PID:12480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
    3⤵
    PID:11400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        5⤵
        
        PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
      4⤵
      PID:11828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
      4⤵
      PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
    3⤵
    PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
      4⤵
      PID:10676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
      4⤵
      PID:5236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
    3⤵
    PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
      4⤵
      PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
    3⤵
    PID:10556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
    3⤵
    PID:11968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
    3⤵
    PID:15944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
    3⤵
    PID:16176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
    3⤵
    PID:8156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        6⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        5⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
        5⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
      4⤵
      PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
      4⤵
      PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
      4⤵
      PID:3184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
    3⤵
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
      4⤵
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
    3⤵
    PID:6544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
    3⤵
    PID:9808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
    3⤵
    PID:11900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
    3⤵
    PID:8108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
    3⤵
    PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        5⤵
        
        PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
      4⤵
      PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
      4⤵
      PID:13344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
    3⤵
    PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1852.exe
      4⤵
      PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
      4⤵
      PID:7024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52188.exe
    3⤵
    PID:9196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
    3⤵
    PID:16124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
    3⤵
    PID:7828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
  2⤵
  PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
    3⤵
    PID:7968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
    3⤵
    PID:5936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
    3⤵
    PID:13868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
  2⤵
  PID:7596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
  2⤵
  PID:10704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
  2⤵
  PID:14304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46756.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:14968

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe

Filesize
468KB

MD5
df02926164695e3af64afd4ba6f2e0dd

SHA1
7e1ab5d6ea216c574d96fc12af90de74afa82b55

SHA256
83fc73516ff4851b46b770e6590e65012417388731e19556d518bf8e2d530e9f

SHA512
a80be68593dc1e50c9691f4f5a65fe9ba9a119b2300734f9e4dc64bcee8f1abac8af445cf64ed2f79fbe5f11af4e4e255f1565cd442f1d14c737c891db567945

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe

Filesize
468KB

MD5
8029b6ee06c047b17baa6c9a15c1bf01

SHA1
9e4cb20f655eff5958fef32f6ae58cc1a024985e

SHA256
cb6e36f44dd95d357bbc103a344d8ea3110e15e43ce14e30e9467124f4705e4d

SHA512
f5f320513e39f46b46788d6763e9b8a6d8bc3cf0850052dd349d6a8b030010f06c5e231abea03071841831f4549981c1b6fc16b94735aca6f8ceeef96a8d5400

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe

Filesize
468KB

MD5
5996c08118def32adc25add093d909bd

SHA1
5204dd9041dcf4ecca817d15b59971184a909345

SHA256
0d07610c291bf0e5fb309747e5dce935647606cb5d5845c638b30ebaf26ba1b2

SHA512
e46583c0983923de0ab930957a04175e883aa84504ea40aae488929e8fd5ae58f228c98bf591c78928128f8bcafb8dcb0e93aa1d1f708a45b7aa2806d743b38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe

Filesize
468KB

MD5
acfe8403d454372ed9da6ceb3af045ed

SHA1
1e9ad9e27b05320b205e893e31571973e094a26d

SHA256
110bb1cc95d1d6dc18ecbef3f9196b5c404ba5204c045b479135014aea0d78ae

SHA512
3cc8229664793ccc23fc0b7bdaa4f793147cbab74ced673d888c5635f2b0ef1d44d7edfd9c14a0e9bebe7ae98f935506306c3fbb6b4f11228b73fa242890f56e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe

Filesize
468KB

MD5
f07b3745f80f591d95aa18d81ebcf545

SHA1
d3ec1933be0c15b2a7547cab91288757a800ab47

SHA256
7ff0e2c11f31f0691401e3972b5ba3ce0c8d4928df0b7103d0ca253d0af857ee

SHA512
4aa3073f0503524468e1579252eb62085cdbbad81b3ac88048fac90e9c8912502451f7c459f7b604d971c319b675fa6d9984ac464bfc1e9ee8606be78bb919e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe

Filesize
468KB

MD5
988106f571a7bbeead940b3c0c4939f1

SHA1
d251991737ba8969f6dd9078d6c65ac4572e5bc1

SHA256
c5f4f43fcc65cdcbfa9a67837014c492c2c4cef36b72f1e1a6d883f65f1d5cf6

SHA512
3dc69ff6c4f3957b1e618095a8da513f5f9e6cc41a21aa145f9f3ac17a61304d1a92c46d2979e33ef1b747ed97178bd58fdc0cbc992abef5d5bb4e813502608d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe

Filesize
468KB

MD5
626112bbf973f538b3075a0e7658b101

SHA1
f335daeaad6ed5e0d262b0b8e6ab9e72afebd367

SHA256
5fc14281af5333b180752a1333eed91875de15919327d09dc8a78cf9f0e9228a

SHA512
026cb2bc78e7eb9b8303ffc1092bee264749126d4fe747b6340341e9155de1a40336f28315b79d76192d7da297d9bbdd401eb37bae4e90079e9e32a1a2e5e65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe

Filesize
468KB

MD5
e3d1aaf1bf82454669564f116e51655a

SHA1
32807c64519c91c4294580dd6a610a236d978dd1

SHA256
b25a9b4acbbf5bfe7e2fbd5ddc096a833965def5761f3fc205c28d479c299642

SHA512
d9b5865ac38c97eaa6a05b7cfe7e5b816e806a0b5442bcac80ea578e6a2e4e79f4463dfb0ecf8726732888f2c1b3139221f8cfa323155b5aa8c7c6f659982fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20482.exe

Filesize
468KB

MD5
e025aab84cf40045b66add2001c2048d

SHA1
ed407597924a894d72c671b4db5187fa43a8f5e4

SHA256
0cbd3368e9d95acf7c73fd716bde3c783b977494cb5cf0cf8dba6cedef4f5005

SHA512
36390871febe050ee138baecf08e35640fb241c2fd8d94d75293c6716c007efcdaf56580b333a9ab128abae195ab1e7b5d5991a9905abf2ccc260e1d0ffc6a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe

Filesize
468KB

MD5
3be0069b0bdf5b420bac25eef84149ea

SHA1
4eb776e209e5d2bba91f0c4a57397287d32fa4e9

SHA256
e96a03112012559f03a33189505f6208fe1c2fe148ffb0ecca41db56bb28e87d

SHA512
0b81b5ba3a2b79ba995772b44bd5ca11e69a8150cedef308609de64f233e53bf77b070bdeeb2318c853230181163d3b6367c575b26c24e6429639033dfb4d855

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe

Filesize
468KB

MD5
feb1a20335bb5bc4ac4bbc803287599a

SHA1
17193ec5201d3cd73d75f206efee78025f2d59ed

SHA256
c514fbb37b2258efec300e87aa2ca33afb1b8b100c188382f450d4ea130c0fd2

SHA512
36eead4daf9bfab016c6f0896381d89ad39c47324e50d79a355b504b9c2d4c15c5927dd4975f2c25b831517267c45fd488f6cc247ef072e08cb30737441a3495

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe

Filesize
468KB

MD5
7821b77bbe889528cc4af0972631c796

SHA1
a440c5857498d15ff8627d5bbe62652c0541e29e

SHA256
0268dac24f32133a111c9f53d4754abf710608402b53bb923ba9ba3ec495762f

SHA512
ec59920a9ee7a184d2c8f114bcad45a58effaae93f3dca7d6657cba3ab092a67df7defc8e15a5d454d029f25e862eda1212e3eb5a64b2c603e1d64a1160f4017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe

Filesize
468KB

MD5
d63465542c7b8d44a1ea5a79e8aa108a

SHA1
9482fce36f26d7e6810d7be0ee7e3488e2e2d983

SHA256
88f8ae350c4a7478c1d3c32d33ea74917c0da264fc25caf38a0f8f7cd26f1387

SHA512
b22cd4eaed5f5e24a73834771178e7ce4b3478b333b25b225a47b5fd4a1efbc7f80b008aa7a6490b670b5982705c68152be2455eefe41b06e43b4f6de7db6cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe

Filesize
468KB

MD5
b51c61db0e2c3f937fb1df9d6d7f1642

SHA1
ff20893a7c8d6cbf1044cfa2e7be4e91489bc6da

SHA256
f5e26582f880a818386a8ace89fc2a249ca8e7efe4d4dabbec54588c4341ecad

SHA512
6d9a6889f315818e8c58258aae3a43697ef4b6b0a93ed2dc852ebe05eb5c1d13cf874451f27b0e9aa76cd8ca3529f8f912c26a367a711af59fadb370159e7b13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe

Filesize
468KB

MD5
af5236f156b595556f0ffa823a99d201

SHA1
15a0b112ba66d730100bf5899be3e19dc752434b

SHA256
92c99981299cb52be1bf6beee01ef095aab6d0a8d8c475f3088c3e322a50e276

SHA512
b76b17e74d098a1ea8bbefecb7fe766507616bbe1be3878e6f055df03211cf3ee0acb46dbc9af437bcddb599d21815a8e6a373bd9ef8ecf37bf85cca66d1b92e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe

Filesize
468KB

MD5
741634393dfb3e98ea8a0874a451c129

SHA1
21297b7198f97d9f57f1a611b75fa62cdcf1011c

SHA256
bdc1227821b4a8a7868d3c55d0f2294ff01c8228b20870a6f0b3bc3de7e164eb

SHA512
766ae7fd0b06b2673c1f619b372bed1768d50dfe30b575a11a4911119388f7fae6e57f90895ef47b285512604601828daf85cf0d3708f7510a75e530496430ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe

Filesize
468KB

MD5
547d698bd568a876b6de175cc917eb2d

SHA1
c70848e100d44eaa949cead05cc0cee87ed6aa75

SHA256
cd5af4c2ae43e9fc13b42837b291bee455a9609fdaeec3c0ea6907f868564c24

SHA512
d1238dcad5db837d2fe5c30a4f6a5d7db7b5bdf7fcacc57a679b7de4fd48f20cd905107f94162a17c7b7897969613e86473a6251fdc240617595c61152188d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe

Filesize
468KB

MD5
d3be87af06074dbbcdc623424713ad75

SHA1
cff471d594014116fc95a39132cc42686152004c

SHA256
209b6d4cfced9e210f5106039850f1dedd7a6caa7b91ab27e667c4e43386745d

SHA512
3d91308a2d9562691881653da314bdbbfa501384675970bc199c79e93df499bec7f234922173923b1ab417a8176e350d2f7ecc4f350e7bbf2e14c14e4e4e187b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe

Filesize
468KB

MD5
9dc8ceec10eac8c53638040264abf6dc

SHA1
4e4c20b8404878da6aa6920778e5b3adbacd22bf

SHA256
2e61991160ecf5700c4cf513a0972d2d248557d9fcdb9c5d329b52e9e0fa3d38

SHA512
8aa7b45e3dda9bec872a5bf3e49ee276719b5b14236b9c87d7f4e25d6177d9a295d4e13f013249195234ab4360cb0492af82a50645fe3564e0cf8d40f11cba98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe

Filesize
468KB

MD5
ea5245c9be420ae1004b9b3fed96d7eb

SHA1
d9a5408e5bd969d29d9f21059e422305b44ba657

SHA256
6efaf7f83180c5d4c30320c4359a45cd6410f38114ca16951c7662d51eca8e55

SHA512
afbfc80dfcf1c2b4d7935b3ec40edc82fe0128fca2d5a6eb986f4f01522128005e19d2086f45784fe190acd6335a5f8098511306686f3ddedd96c2e2bec2c2d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe

Filesize
468KB

MD5
c163a7626a97c65c46e37a0b2cce5c9d

SHA1
758b83f88ca4aa90cd4b7bc0d5990e1bc4552f0c

SHA256
5e41c2ba811de6f8663fae3be54d0129418fcaaed27e6e4ccd9984cb691d1d35

SHA512
d44e834a9a1ff6ac9ad80f80c71e44b1434eef659d51ef58170de15dc14e114023756d314941c4c2f303425e0f86740f779a328e901d025449feff010e14b1a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe

Filesize
468KB

MD5
867127fa0f3adaf8e754b222dbfc650d

SHA1
a996a2e6aa1ac5af7bc40a32d98bd43822363f5a

SHA256
6e0ecc9d31ad0523362c8bf92f9586b887ce4b23f9626f79e5ac98c8ed3e7ac2

SHA512
f5cecca98c762e9683a63120d46a773f57ab783f978d53b051d35664cd13e896e41b6d4da62e9ff0ac92c8919aa40d2fcc2db5860b1d36141e8ba8e367c67122

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe

Filesize
468KB

MD5
ab08ff1730e8f8285dc7642fc30894ac

SHA1
320313fb9c39b2b5ebd590bf3fc004464d7d25d2

SHA256
fdcdbfb5e15dea61ac556e745c40adbcf19854e6ef05b6313d2afe4438950580

SHA512
d63c7df62926a39dd033f90e05100e3e0b2c8388edb6b1573f69309275263a96c159687208c479899bc44f3c4bb0bebd1bc57a6bb34d5703d399d588f78a16df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe

Filesize
468KB

MD5
c20de671f76189fa9d27e9f50bf4919a

SHA1
6dc47e0eb61fcc161870e1e426d06088df58242d

SHA256
764d85162a133ccfebadb2edf0354cbfe0202940bf350ba43d56d15373e2aea2

SHA512
a12bcebf40b4142c3635e83ecc3b8ff61730e8e28ef3d98416b0cededb9a100245afa833fc4f5143ef8024c5551ef8dccf5f370b0fbfba59bfd693b4de86d873

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe

Filesize
468KB

MD5
8ee57ff137d8598fbd38728eb2f42ce4

SHA1
f5d87718f5d296eceeec6b629e302aee2130d365

SHA256
b8a795ef2f9e11dc5a29cc4370cfc1c0f94b5cbfc9e9b36da80ba34667bd46ec

SHA512
a3dccbdf4dbe919902fe58c215e4b8e3a862fb7e75097d6d2123473e40b0a090655687fb66be6d1fd7cf0c4a2a64fa14c7aff0ed6b9f79bd22e5d2bab17cc794

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe

Filesize
468KB

MD5
9eb9f1149251d0f88cd2fd5e461c04a5

SHA1
dac0910850ffe7e164bb8442503d4c6fb4d3d3f1

SHA256
8a1e4021cb2046a530061a2a2bb54437b4240de248ea0c7d041662c1f5ddeb50

SHA512
b2f7b327ac901a38eb42e11edd4d99d78d9d6bf4e10191887e99a4ff86ab72d3e17c1e21d6ce7910fc8481d05cd2cde6fc68d2af1f116ebdf2475d810e6413db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe

Filesize
468KB

MD5
5347ee08be7bcb17eff88fe0b3477a2f

SHA1
24089dbe17660156c2d625393bafdd0d2f9caeac

SHA256
2ff7f18c3e0859955ece41874b8e7f9c3b5c1766b211404d3061d47613d0e4e5

SHA512
60b07fec5fed26d22f9fd3a76801d4547f7519591d35d3ff2ebe8cb318b4755d844964b1cdf7cc4ccb1d1ed5b601325b426dbed4789d2c0f5ed8255ef3b3002d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe

Filesize
468KB

MD5
5f5763a9e4aaa252eb22e85be6d80cca

SHA1
20ccb2e625b4aac1caebb1bdfa1c4162caebb20e

SHA256
e365311cecc79e2fe2120e566edb3537c553cd4ecbe88a28db9e27dbf4c65dca

SHA512
ad2f7e3db42db11169ba518da404e526157a115fcb49076c3d712c6029a3ab1b5e4b85fb536bbb1b5ef5141b5c5f1f42461cb70bf6ed3a0102960139c510d77b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe

Filesize
468KB

MD5
4acb0225e554c1bbf4aa2e37e2fd81a4

SHA1
141727e72145f1f9f35527f0d1418b0421dbf46e

SHA256
91269bf84f04afb57fc8acab8bcf240683a9da218e3afe5e63b4d6c02c79f5a2

SHA512
a07735de8650bf8c7d6b5aa7b7eec5b6d97d549ddd2e833b63c67d521bd58294597f221c968a5c4c7792dfcbad0f8123a25c22dfff91dc9022acc836bc8fcfb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe

Filesize
468KB

MD5
18f3a6be076ebebcd749f0265b86b324

SHA1
684ad15ef1388c08f488925b9908785ffd9b6142

SHA256
0e8550b61423a891fad60e44ec1c435159a285aa21280b2c75ad40389d448b12

SHA512
517bc526fd7a4c0f87dc01cfde1b05a3240cec6664d3d240582c89ff91abb441dbe325db7360c2e9426217155b34aaefe9f578d8e197b6a0140f61a227b1a301

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe

Filesize
468KB

MD5
e3c26e5240d0531aef9578ce78427886

SHA1
3ab17f5d4ddd6d0ce3a4bc53ec823af14fe7af99

SHA256
b9a5bc5ba7667bc7dcb484e854a32b14a23752868b843499dbd85da3a3cafa75

SHA512
5d10296024e85116346efb1f710cac106131ce8f2be81b7c7d3280b8af747f3aba7153482f82d8a4deb547b15a95add43d7bbb57b6e400e1f2fba7a993e64ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe

Filesize
468KB

MD5
4fbc8626a079bdab4d7ca6f38089521f

SHA1
c88d4eba8d3cca6a7a0288ac778ba7f4c35e896b

SHA256
974421cce425b6c07a8f22886643fedd2195b224a7df9da81d66c75f18e31105

SHA512
1da174453bffcf6cfd4462789f17792cffcbad02d0747ae45836cd357c89acd6959701ae2f87f1e83e6aaff5213054ffedff0f7ebb0611a8a7c9801c2b0db864

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe

Filesize
468KB

MD5
fe17e3fb92ae21e0964a4405af572122

SHA1
b01e71bc26841bce55edd94c5915af99ca8fc8fc

SHA256
018f83081f9163e0d538d6d83e2dff7025f36c361f3d94e84848f2c0b129d6ef

SHA512
9e9838b97ffd83d9ac31dc61f78a0a2c9eb688907840b176edfce634ba3eb864523a9c7e1c264e87310ef400b1cf059ccc365b96957587945bd1eb709f9dfc26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe

Filesize
468KB

MD5
46a5d533ed331731fb9e9e2a7591a43e

SHA1
186e61e714b76f6efb4e71d6c0016395ac62e8de

SHA256
e15761ce7b02745781016572d701b307f9e7097570acccb840ffb205382c4898

SHA512
fcedf23107898f5d3c6b5c81055d88adb03675dcf2f54390b857c947967fbd263af31b53e9ebdc3f4b87f86333b5f3eb204b0d9fa0426146aff6ec946011f3c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe

Filesize
468KB

MD5
b53c9c287bad49b4ce31e3a865c93450

SHA1
6f1dce41056e0b13d8002680f814c83fc602e895

SHA256
cbdef15f63132c0a441c8360005dc61920d821a252775df47512b1ffd9e290a1

SHA512
583aa195312a05db2c1a4aa2cc6cfa1c94f0b73d050cdc7447fc197f40e081cbefa6138cc0cd4455228b7ca4eb969773e8fb2799c0c6148ff7471d773091118c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe

Filesize
468KB

MD5
a8782b638a4d6f944342ef86adbd3f6c

SHA1
d54c66dedd97f1b500ac8c97507cd0b2f4d7c50b

SHA256
edabc6171844c5b4bcf662c13d5da9fc99ffae0d46744ce1451afbc7760bf979

SHA512
f28ff4263e78b731a6ad0df563d737a87e313a6ed370f1ad3d0c08135c5a0a7993e935f548671c60c7b213d1839867088085603074becd40ea581c4a3c82f7ee

Download Submit
memory/112-437-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/376-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/400-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/408-338-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/640-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/764-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/812-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/836-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1064-371-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1172-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1416-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1480-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1588-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1844-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1920-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1920-3144-0x00000000762D0000-0x0000000076345000-memory.dmp

Filesize
468KB

Download
memory/2072-192-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-21-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2148-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2364-185-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2444-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2516-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-56-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2772-2802-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2968-45-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2984-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3200-6-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3212-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3228-134-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3348-3584-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3532-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3604-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3648-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3660-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3668-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3704-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3708-438-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3760-220-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3784-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3908-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3948-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3996-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4008-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4020-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4036-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4140-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4192-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4232-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4280-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4304-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4364-236-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4388-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4404-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4532-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4572-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4576-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4600-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4676-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4728-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4748-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4760-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4776-63-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4792-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4840-3574-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4852-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4872-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4904-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4976-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4980-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5024-139-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-406-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5072-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5136-439-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5164-440-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5172-441-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5204-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5216-451-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5264-460-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5276-453-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5292-456-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5336-457-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5524-465-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5556-481-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5588-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5632-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5652-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5764-762-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5780-763-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5788-770-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5796-771-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5844-774-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5868-775-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5876-776-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5928-3580-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5948-778-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16012-3163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16152-2678-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16192-3100-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads