ad5b03a91dc96733f8afcde9fe9543208022c99085b5a958bb2d8053d6b056d5

Analysis

max time kernel
119s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aba2c86c0950e7cd8b3af059a2f00ca0N.exe
Size

468KB
MD5

aba2c86c0950e7cd8b3af059a2f00ca0
SHA1

bcdadad1be1aaa36cc424881e1e87a68b472262c
SHA256

ad5b03a91dc96733f8afcde9fe9543208022c99085b5a958bb2d8053d6b056d5
SHA512

2cdbb245699a40eb2305091bc49a7aff2c08784339ce52a1227c84eb731c1c6fa916dab5d2b42aa8deca77529670c1e1def61d93bf215067763166e7629d7f2e
SSDEEP

3072:ttAuorldI03YtbY2PzcIffT/ECpZtumpnsHEdVh9oOPaGSn7tWlx:ttZoQOYtBP4IffrhLjoOipn7t

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1000	Unicorn-1801.exe
4156	Unicorn-59466.exe
3236	Unicorn-36393.exe
5040	Unicorn-23426.exe
4048	Unicorn-7089.exe
4220	Unicorn-52761.exe
3176	Unicorn-49968.exe
1840	Unicorn-59274.exe
4440	Unicorn-49937.exe
4012	Unicorn-26410.exe
3644	Unicorn-26410.exe
368	Unicorn-9616.exe
5024	Unicorn-26410.exe
748	Unicorn-47385.exe
2404	Unicorn-45272.exe
4612	Unicorn-26706.exe
3916	Unicorn-22024.exe
380	Unicorn-60914.exe
4404	Unicorn-49539.exe
3900	Unicorn-29673.exe
1976	Unicorn-11521.exe
4620	Unicorn-11521.exe
4796	Unicorn-49025.exe
1548	Unicorn-13559.exe
4464	Unicorn-44505.exe
3220	Unicorn-10759.exe
3068	Unicorn-19690.exe
1604	Unicorn-24904.exe
4816	Unicorn-19690.exe
1312	Unicorn-50738.exe
1596	Unicorn-39098.exe
4216	Unicorn-39363.exe
1428	Unicorn-31448.exe
2912	Unicorn-1921.exe
1936	Unicorn-36824.exe
924	Unicorn-37090.exe
4980	Unicorn-49321.exe
2432	Unicorn-3649.exe
4732	Unicorn-41475.exe
2252	Unicorn-40472.exe
3292	Unicorn-26736.exe
348	Unicorn-13737.exe
1132	Unicorn-37073.exe
3904	Unicorn-55154.exe
4632	Unicorn-14121.exe
3628	Unicorn-54962.exe
1848	Unicorn-35096.exe
1740	Unicorn-43587.exe
5032	Unicorn-13167.exe
4448	Unicorn-22098.exe
4420	Unicorn-22098.exe
1824	Unicorn-17161.exe
2868	Unicorn-20872.exe
1212	Unicorn-62170.exe
2936	Unicorn-25968.exe
2652	Unicorn-39704.exe
60	Unicorn-12593.exe
4956	Unicorn-9640.exe
4196	Unicorn-29506.exe
5092	Unicorn-29506.exe
4172	Unicorn-13169.exe
4652	Unicorn-29049.exe
4384	Unicorn-9448.exe
4244	Unicorn-23183.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
6684	2444	WerFault.exe	158
7468	4196	WerFault.exe	152
9144	5092	WerFault.exe	153
2448	1220	WerFault.exe	202
10648	5180	WerFault.exe	205
11008	5248	WerFault.exe	208
10996	5392	WerFault.exe	209
13984	3192	WerFault.exe	290
16036	1012	WerFault.exe	277
16508	16536	WerFault.exe	851

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57313.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18408	dwm.exe
Token: SeChangeNotifyPrivilege	18408	dwm.exe
Token: 33	18408	dwm.exe
Token: SeIncBasePriorityPrivilege	18408	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe
1000	Unicorn-1801.exe
4156	Unicorn-59466.exe
3236	Unicorn-36393.exe
4220	Unicorn-52761.exe
4048	Unicorn-7089.exe
5040	Unicorn-23426.exe
3176	Unicorn-49968.exe
1840	Unicorn-59274.exe
3644	Unicorn-26410.exe
5024	Unicorn-26410.exe
368	Unicorn-9616.exe
748	Unicorn-47385.exe
4012	Unicorn-26410.exe
4440	Unicorn-49937.exe
2404	Unicorn-45272.exe
4612	Unicorn-26706.exe
3916	Unicorn-22024.exe
380	Unicorn-60914.exe
4620	Unicorn-11521.exe
3900	Unicorn-29673.exe
4404	Unicorn-49539.exe
1976	Unicorn-11521.exe
4816	Unicorn-19690.exe
3068	Unicorn-19690.exe
1604	Unicorn-24904.exe
4796	Unicorn-49025.exe
1548	Unicorn-13559.exe
3220	Unicorn-10759.exe
4464	Unicorn-44505.exe
1312	Unicorn-50738.exe
1596	Unicorn-39098.exe
4216	Unicorn-39363.exe
1428	Unicorn-31448.exe
2912	Unicorn-1921.exe
1936	Unicorn-36824.exe
924	Unicorn-37090.exe
2432	Unicorn-3649.exe
4980	Unicorn-49321.exe
4732	Unicorn-41475.exe
2252	Unicorn-40472.exe
348	Unicorn-13737.exe
3292	Unicorn-26736.exe
1132	Unicorn-37073.exe
3904	Unicorn-55154.exe
4632	Unicorn-14121.exe
3628	Unicorn-54962.exe
4448	Unicorn-22098.exe
4420	Unicorn-22098.exe
1848	Unicorn-35096.exe
5032	Unicorn-13167.exe
1740	Unicorn-43587.exe
2868	Unicorn-20872.exe
2936	Unicorn-25968.exe
1212	Unicorn-62170.exe
2652	Unicorn-39704.exe
1824	Unicorn-17161.exe
60	Unicorn-12593.exe
4196	Unicorn-29506.exe
4956	Unicorn-9640.exe
4172	Unicorn-13169.exe
5092	Unicorn-29506.exe
2444	Unicorn-29314.exe
3460	Unicorn-47274.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 1000	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	91
PID 1944 wrote to memory of 1000	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	91
PID 1944 wrote to memory of 1000	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	91
PID 1000 wrote to memory of 4156	1000	Unicorn-1801.exe	93
PID 1000 wrote to memory of 4156	1000	Unicorn-1801.exe	93
PID 1000 wrote to memory of 4156	1000	Unicorn-1801.exe	93
PID 1944 wrote to memory of 3236	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	94
PID 1944 wrote to memory of 3236	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	94
PID 1944 wrote to memory of 3236	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	94
PID 4156 wrote to memory of 5040	4156	Unicorn-59466.exe	97
PID 4156 wrote to memory of 5040	4156	Unicorn-59466.exe	97
PID 4156 wrote to memory of 5040	4156	Unicorn-59466.exe	97
PID 3236 wrote to memory of 4048	3236	Unicorn-36393.exe	98
PID 3236 wrote to memory of 4048	3236	Unicorn-36393.exe	98
PID 3236 wrote to memory of 4048	3236	Unicorn-36393.exe	98
PID 1000 wrote to memory of 4220	1000	Unicorn-1801.exe	99
PID 1000 wrote to memory of 4220	1000	Unicorn-1801.exe	99
PID 1000 wrote to memory of 4220	1000	Unicorn-1801.exe	99
PID 1944 wrote to memory of 3176	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	100
PID 1944 wrote to memory of 3176	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	100
PID 1944 wrote to memory of 3176	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	100
PID 4220 wrote to memory of 1840	4220	Unicorn-52761.exe	101
PID 4220 wrote to memory of 1840	4220	Unicorn-52761.exe	101
PID 4220 wrote to memory of 1840	4220	Unicorn-52761.exe	101
PID 1000 wrote to memory of 4440	1000	Unicorn-1801.exe	102
PID 1000 wrote to memory of 4440	1000	Unicorn-1801.exe	102
PID 1000 wrote to memory of 4440	1000	Unicorn-1801.exe	102
PID 4048 wrote to memory of 3644	4048	Unicorn-7089.exe	104
PID 4048 wrote to memory of 3644	4048	Unicorn-7089.exe	104
PID 5040 wrote to memory of 4012	5040	Unicorn-23426.exe	103
PID 4048 wrote to memory of 3644	4048	Unicorn-7089.exe	104
PID 5040 wrote to memory of 4012	5040	Unicorn-23426.exe	103
PID 5040 wrote to memory of 4012	5040	Unicorn-23426.exe	103
PID 1944 wrote to memory of 368	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	105
PID 1944 wrote to memory of 368	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	105
PID 1944 wrote to memory of 368	1944	aba2c86c0950e7cd8b3af059a2f00ca0N.exe	105
PID 3176 wrote to memory of 5024	3176	Unicorn-49968.exe	106
PID 3176 wrote to memory of 5024	3176	Unicorn-49968.exe	106
PID 3176 wrote to memory of 5024	3176	Unicorn-49968.exe	106
PID 3236 wrote to memory of 748	3236	Unicorn-36393.exe	107
PID 3236 wrote to memory of 748	3236	Unicorn-36393.exe	107
PID 3236 wrote to memory of 748	3236	Unicorn-36393.exe	107
PID 4156 wrote to memory of 2404	4156	Unicorn-59466.exe	108
PID 4156 wrote to memory of 2404	4156	Unicorn-59466.exe	108
PID 4156 wrote to memory of 2404	4156	Unicorn-59466.exe	108
PID 1840 wrote to memory of 4612	1840	Unicorn-59274.exe	109
PID 1840 wrote to memory of 4612	1840	Unicorn-59274.exe	109
PID 1840 wrote to memory of 4612	1840	Unicorn-59274.exe	109
PID 4220 wrote to memory of 3916	4220	Unicorn-52761.exe	110
PID 4220 wrote to memory of 3916	4220	Unicorn-52761.exe	110
PID 4220 wrote to memory of 3916	4220	Unicorn-52761.exe	110
PID 3644 wrote to memory of 380	3644	Unicorn-26410.exe	111
PID 3644 wrote to memory of 380	3644	Unicorn-26410.exe	111
PID 3644 wrote to memory of 380	3644	Unicorn-26410.exe	111
PID 4012 wrote to memory of 4404	4012	Unicorn-26410.exe	112
PID 4012 wrote to memory of 4404	4012	Unicorn-26410.exe	112
PID 4012 wrote to memory of 4404	4012	Unicorn-26410.exe	112
PID 4048 wrote to memory of 3900	4048	Unicorn-7089.exe	113
PID 4048 wrote to memory of 3900	4048	Unicorn-7089.exe	113
PID 4048 wrote to memory of 3900	4048	Unicorn-7089.exe	113
PID 748 wrote to memory of 4620	748	Unicorn-47385.exe	115
PID 748 wrote to memory of 4620	748	Unicorn-47385.exe	115
PID 748 wrote to memory of 4620	748	Unicorn-47385.exe	115
PID 368 wrote to memory of 1976	368	Unicorn-9616.exe	114

C:\Users\Admin\AppData\Local\Temp\aba2c86c0950e7cd8b3af059a2f00ca0N.exe
"C:\Users\Admin\AppData\Local\Temp\aba2c86c0950e7cd8b3af059a2f00ca0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49539.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55154.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        9⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        10⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        10⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        10⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        9⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        10⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        10⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        9⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        9⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        9⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        9⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5433.exe
        9⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        8⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        8⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        8⤵
        
        PID:17860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
        8⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        9⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        9⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        9⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        9⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        9⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        8⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        8⤵
        
        PID:18260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        8⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        8⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        8⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
        8⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        9⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        9⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        8⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        7⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        8⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        8⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        7⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        7⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        7⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
        6⤵
        
        PID:18124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        9⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        8⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
        7⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49153.exe
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13920.exe
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        6⤵
        
        PID:11032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
        6⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53482.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        7⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        7⤵
        
        PID:18220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
        7⤵
        
        PID:18076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        6⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3257.exe
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25896.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        7⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        6⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
        7⤵
        
        PID:17952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        6⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        5⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        6⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        5⤵
        
        PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        9⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 640
        9⤵
        Program crash
        
        PID:13984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 724
        8⤵
        Program crash
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        8⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
        8⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        7⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        7⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        6⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        7⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
        7⤵
        
        PID:17612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        6⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
        6⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        8⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        7⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        7⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        6⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        7⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        7⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5329.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        7⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        7⤵
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        5⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        6⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        6⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        5⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29314.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 720
        6⤵
        Program crash
        
        PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11088.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        5⤵
        
        PID:12580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        5⤵
        
        PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
      4⤵
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39698.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42816.exe
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
        5⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        5⤵
        
        PID:18136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        5⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        
        PID:17488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
      4⤵
      PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        5⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
      4⤵
      PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
      4⤵
      PID:1172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52761.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13169.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        9⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        10⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        10⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 616
        9⤵
        Program crash
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43953.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        9⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        9⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        9⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        8⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        7⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
        7⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49906.exe
        7⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        6⤵
        Executes dropped EXE
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        8⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        7⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
        8⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        7⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        6⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        6⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        9⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 636
        9⤵
        Program crash
        
        PID:16036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 744
        8⤵
        Program crash
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 736
        7⤵
        Program crash
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        8⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1793.exe
        8⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        8⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        7⤵
        
        PID:16536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16536 -s 72
        8⤵
        Program crash
        
        PID:16508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        7⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
        6⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        7⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        7⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        6⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        5⤵
        Executes dropped EXE
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        7⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        7⤵
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        6⤵
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        6⤵
        
        PID:18148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        5⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        5⤵
        
        PID:17928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
        8⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        7⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        6⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
        7⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        7⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        8⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        7⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        6⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        6⤵
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        5⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
        5⤵
        
        PID:16648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
        7⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 628
        7⤵
        Program crash
        
        PID:11008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 696
        6⤵
        Program crash
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        7⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
        6⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        6⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        5⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
        5⤵
        
        PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
      4⤵
      Executes dropped EXE
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42786.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        7⤵
        
        PID:17796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38800.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        6⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59700.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
        5⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
      4⤵
      PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        5⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        5⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
      4⤵
      PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        5⤵
        
        PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
      4⤵
      PID:12664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
      4⤵
      PID:1184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
        8⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        7⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        7⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        6⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2322.exe
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        7⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        6⤵
        
        PID:18232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
        8⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        8⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        7⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        7⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        6⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        7⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        7⤵
        
        PID:17724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        6⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        6⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        7⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        7⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        6⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        5⤵
        
        PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        6⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        5⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8689.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
      4⤵
      PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        5⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        
        PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
      4⤵
      PID:9436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
      4⤵
      PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
      4⤵
      PID:17816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14121.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        6⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
        7⤵
        
        PID:732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
        6⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        7⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        7⤵
        
        PID:17980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        6⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        6⤵
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        6⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
        5⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        5⤵
        
        PID:17912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
      4⤵
      PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        5⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        5⤵
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
      4⤵
      PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        5⤵
        
        PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
      4⤵
      PID:12608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
      4⤵
      PID:16536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        6⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        5⤵
        
        PID:18352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        5⤵
        
        PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
      4⤵
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
      4⤵
      PID:18376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        5⤵
        
        PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
      4⤵
      PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
      4⤵
      PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:17688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
    3⤵
    PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
      4⤵
      PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
      4⤵
      PID:15664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
    3⤵
    PID:11132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
    3⤵
    PID:17840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        9⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        10⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        10⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        8⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        8⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
        8⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        8⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        9⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        9⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        8⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        8⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        8⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        7⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        7⤵
        
        PID:17888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        8⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        9⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
        9⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        9⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        8⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        8⤵
        
        PID:16960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        8⤵
        
        PID:18420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        8⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        8⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15337.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        8⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        8⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        7⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49835.exe
        7⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        6⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        7⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14257.exe
        6⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        8⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
        7⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        7⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
        7⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        7⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
        7⤵
        
        PID:17560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        6⤵
        
        PID:18088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        7⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
        7⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        7⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        6⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19647.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58258.exe
        5⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        5⤵
        
        PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        8⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        9⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        7⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        7⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52209.exe
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
        8⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        7⤵
        
        PID:17548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        6⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
        7⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5433.exe
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        5⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        6⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        5⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        7⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55778.exe
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        7⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        6⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52898.exe
        7⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        7⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25792.exe
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        6⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        6⤵
        
        PID:9456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        6⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
        5⤵
        
        PID:17868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
      4⤵
      PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        6⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        5⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        5⤵
        
        PID:11012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
      4⤵
      PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        5⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43489.exe
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        5⤵
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
      4⤵
      PID:13736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55529.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        7⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
        6⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        5⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        8⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        7⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        6⤵
        
        PID:18284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        6⤵
        
        PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        5⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
        5⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        5⤵
        
        PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        7⤵
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
        6⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        6⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
        6⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
        5⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        7⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        7⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        7⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        6⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        6⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36059.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        6⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15337.exe
        5⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        5⤵
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        5⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        
        PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
      4⤵
      PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
      4⤵
      PID:17592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62170.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        7⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        6⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        7⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        7⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        6⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        5⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        6⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
        5⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        5⤵
        
        PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
      4⤵
      PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
      4⤵
      PID:6456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20872.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31091.exe
        5⤵
        
        PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
      4⤵
      PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
      4⤵
      PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
      4⤵
      PID:408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
    3⤵
    PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        5⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        5⤵
        
        PID:18344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
      4⤵
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
      4⤵
      PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
      4⤵
      PID:18308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe
    3⤵
    PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44739.exe
      4⤵
      PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
    3⤵
    PID:15896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
    3⤵
    PID:18212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        8⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        7⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        7⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27827.exe
        7⤵
        
        PID:18240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        6⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        7⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        7⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
        6⤵
        
        PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
        6⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        7⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64827.exe
        7⤵
        
        PID:18096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31091.exe
        6⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28697.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
        5⤵
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        6⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        5⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        
        PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
      4⤵
      PID:15448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8892.exe
      4⤵
      PID:17828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        7⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        6⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
        7⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        6⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        6⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        7⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        7⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
        6⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
        6⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        5⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        5⤵
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
      4⤵
      PID:15364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
      4⤵
      PID:17880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63683.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55123.exe
        6⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30200.exe
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        5⤵
        
        PID:18112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46169.exe
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
        5⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        
        PID:17448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
      4⤵
      PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
      4⤵
      PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
      4⤵
      PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      4⤵
      PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        5⤵
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
      4⤵
      PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
      4⤵
      PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40768.exe
    3⤵
    PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
      4⤵
      PID:13572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
    3⤵
    PID:9660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
    3⤵
    PID:14040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
    3⤵
    PID:17968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        7⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        6⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        6⤵
        
        PID:17644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        6⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
        5⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        5⤵
        
        PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49386.exe
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        5⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34115.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        6⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
      4⤵
      PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        5⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        5⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        5⤵
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
      4⤵
      PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
      4⤵
      PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
      4⤵
      PID:6668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        6⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        6⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        5⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57129.exe
      4⤵
      PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        5⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
      4⤵
      PID:17440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
    3⤵
    PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        5⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
      4⤵
      PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
      4⤵
      PID:13400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
    3⤵
    PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
      4⤵
      PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
      4⤵
      PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
      4⤵
      PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
    3⤵
    PID:11092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
    3⤵
    PID:15860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
    3⤵
    PID:18276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37514.exe
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
        6⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        6⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        5⤵
        
        PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        5⤵
        
        PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
      4⤵
      PID:13952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
      4⤵
      PID:7004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
    3⤵
    PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        5⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        5⤵
        
        PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
      4⤵
      PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
      4⤵
      PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60691.exe
      4⤵
      PID:6132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
      4⤵
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
      4⤵
      PID:18180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
    3⤵
    PID:11068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
    3⤵
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2626.exe
    3⤵
    PID:18300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17161.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17161.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
      4⤵
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        6⤵
        
        PID:18200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        5⤵
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
      4⤵
      PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        5⤵
        
        PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
      4⤵
      PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
      4⤵
      PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
    3⤵
    PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
      4⤵
      PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
      4⤵
      PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
    3⤵
    PID:3952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14377.exe
    3⤵
    PID:14488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
    3⤵
    PID:3352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
  2⤵
  PID:5812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
    3⤵
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
      4⤵
      PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        5⤵
        
        PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
      4⤵
      PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
    3⤵
    PID:9880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
    3⤵
    PID:13404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
    3⤵
    PID:17416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
  2⤵
  PID:8060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
    3⤵
    PID:14912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30234.exe
    3⤵
    PID:16576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
  2⤵
  PID:9484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49113.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49113.exe
  2⤵
  PID:16232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
  2⤵
  PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2444 -ip 2444
1⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4196 -ip 4196
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5092 -ip 5092
1⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5180 -ip 5180
1⤵
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1220 -ip 1220
1⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5248 -ip 5248
1⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5392 -ip 5392
1⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3192 -ip 3192
1⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1012 -ip 1012
1⤵
PID:14756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 16536 -ip 16536
1⤵
PID:16456

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:18408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe

Filesize
468KB

MD5
3f3541ec987ed8cb515c45289b98860f

SHA1
c1802c9b0011bd56b0626f81d1c9fa5e7f3b01c6

SHA256
006daa2c63d728f763ab44ff5b71e11fcae3e638362c3ac54005cf408e3f2d01

SHA512
1071559edd1ebe1eb02358dbbafdb3bb30f41ff8ad4fa3c6c3244bfdb109051e7e91c7cb87746348f6b742b9c7a2b67e8d58e33b8dfd857c6eb4946a0f8f9431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe

Filesize
468KB

MD5
ac7a5d966fda6dfb9973097cc173075f

SHA1
024d6d73ec5b2d3293ef24604f173d6c66ddeeac

SHA256
c9b868e29be65aca060829d7761269249798940e2590855fa17ac9306e2441cd

SHA512
6f503ad0bb06fd46f4ff84457e8dad4e270b62284ed4c8daaaea027a191757d5c190a78525ed8b07e06be66e4c297ee8f924e60d39960969e3fa11c87d9d6606

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe

Filesize
468KB

MD5
93b206402a96762f307325a7778405b6

SHA1
a963f06a1641e666a52e67e30bdde808ff273f69

SHA256
71cad9b759447e9d5cf20d5549478ec93e2a7549f1b20e13a711483bb13d96fa

SHA512
d959107181c587338a964a93a765ce0d8a5816959385932468b5230ebd928ca7399278f4bc7e544364911776af0cdf3604f7f11ad93d21258aa6ec859b308276

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe

Filesize
468KB

MD5
88ea50b8965274a00fbc3f268a244ae6

SHA1
a3b209b75399dc74b2251fbfc5b21e077bf0b4b4

SHA256
260dff0cf4b9ec44c92e26d5bb6b18af5f879deb7257061eedf75914496952f6

SHA512
fc4632f86b3ba1b10a6fe4ca2293528e6882d3b23eeb820af7df13250c23c0d290b0ac7105b99f9217561de7b8f058b810d0bcd39b86a8da61de8703bf1e3876

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe

Filesize
468KB

MD5
ab0cae203d05a441e502b9ba97c6b82e

SHA1
4f99ca56b3ca6f05ac427cf51296219e2e1972a7

SHA256
11e9e37a649b9aa1863e1af5284c1aa0e97445cc374450ee2cebefacc97969d8

SHA512
719428ddda92d6a9e435b59a21878b5ab0d392ad39af4d9269647c296d1d562a1159f9c394acbb9c55c5c5565ae97599b1b041a80cb93d2f21899cbd240da111

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe

Filesize
468KB

MD5
aedb1f3482b2263bb41f4dc963a38f3d

SHA1
8e2fe81e92edf0cb05faa2bfc290aabd999ed6de

SHA256
acc12326a924b230a5135e0d7001ebff33369d803b908f39cbbe7819ea693bea

SHA512
c18271ef91884024e05d67c1dbd5f9ac5f768a624b86e4c9b3d172bced5a089f93c374bd706c7cff12e6cef4d86b41d0077afe76d3657cc00a6952a29c05ad13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe

Filesize
468KB

MD5
926d3f7759cf6979147dffd2dc763628

SHA1
13286a4f6db0529a01e6125fa9c5491e954b3fb9

SHA256
9811c8174227a6f2c1325c8bab68219cd4194bd7d834d6059eb50082087a1078

SHA512
ed9ac05c733b4d735737086ea4056157ded51eed876d25043af5c99d4f92fe4fb00fc00df6554bd87ca812417623587d58e6aa5d96d0359f48f8ca2895345b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe

Filesize
468KB

MD5
d85ae2aed31253a613dbc8384351fada

SHA1
378cd4880ab76a00a3cb90bd8209764d4ae68aac

SHA256
b2a0fcf578e067386db217efe1af8f9d12f48626e997bc9ddce045017dbc06b4

SHA512
2da6e5cba2918ca29e71d8d0113804edca46783df8881f8d43a90a035e9b1d11fc6f3b0847f819a8bdc7d848d955a89e608d12af3c826f1ca9ad22f8d85ea9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe

Filesize
468KB

MD5
0d7e43e786e05d057fb8d48fa1a47e99

SHA1
47f776e6e819bdb401df216b0f957370965a572c

SHA256
4fd8761aee0f90726b1dfded0a71526eaf8eb4501442840da5d8d3fa45bf9820

SHA512
807acf379f203653c85056d586423d16fdb22c7f01474e46b1d526119def76d5dd67c97d1ab9152914990e847398d38c72982dc337fe1718c0d2d37da4673771

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe

Filesize
468KB

MD5
619e6276f3b20ceb523ffee0f5794a36

SHA1
857b94339ce2b89eb657757a54f8136109369705

SHA256
eafc2c354f2fd7689c84d854dba16ae99a210c7c4708c3388cc0fe4c4351e8b5

SHA512
43d251c0cf9e42407d2d344af6d19b975c1b0df102b82479d773de63ac7bf43b494777ca15656df69ba59920eb161098cfe91d333e4c55ac7579f0ea8ac7939c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26706.exe

Filesize
468KB

MD5
421dbb37ce1581b8f9b47be92a124034

SHA1
810f52d3e6f333d13d510a098965cc6410fa2635

SHA256
c7a39f71dce69535e1dec7e2f64c3c2c78436255e9c65b57380c402a8fe99084

SHA512
9d043d36739f5f6c2d5653ce4c720cd1ab70b42ab783a8f6068f1f3492c549578cfa87172f42b976168736a8edc382acf046e0c582ddf10cb90eeab063278a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe

Filesize
468KB

MD5
abeaa54c71da3bfb4e0e491b5f12cfd3

SHA1
2681b56528709067de67026c17f5e404fbe0a161

SHA256
7c0aa6332c208684f89982486f508f83117931f0b33f7762e8826f624d77330e

SHA512
c1d72424b818ead3371d57d456b3732cce8db1c4144875a97d0da117b5c1d01d1bec7d30ba40d070c6761838a595177320fb471a09df0922e1fd444afa37f2fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe

Filesize
468KB

MD5
827480552481302168583a6bb1d77796

SHA1
3b8a5f5bc47ce5e963e65dc89c403471c8f3fe06

SHA256
0bf40917fc0a99673adbd565bd4bb875db83856404d0d766741fd6fae74d9489

SHA512
c122145b2933cb8a593d2aa87090e801a755d8455417040a52d94ac57b897592f5c6e963b3be42babf1126f2d991f62965124898aefc9f7ac6681e39f79e46aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe

Filesize
468KB

MD5
da420c091c44398c1ac8aa2259ae63a9

SHA1
a5f96b1319892b8ea06c299176edcf58b8238545

SHA256
7352e6702b20cdbbd01499b7cbf815302f8f5104e3dabbcef8becf0bc53ae3d6

SHA512
be3456e6fc8caf18a63d4576213cbcd53a78a20f0f2f4057fcf00859018228381eccfa3201aab310a0acf55d7b9fb4aade0eec1366cc60ae4bb998a8ee601743

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe

Filesize
468KB

MD5
595d56e6bcd3b04bb8273ae8d3f4eade

SHA1
91e7137c8233bac6a293613416438a8eb87632ef

SHA256
ab66e58bdff6184f91627fa4ff06c6c4cfecdf7dfc547f92883b219145a92dd3

SHA512
58fbb6c5254c49772f8883994b6f908f400264da995b2bbd994baab5e388365b8d2c44d4254552a4d70b2697ed701bb4ea0374ed1f6c9c88ac14d5f0cca3138e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe

Filesize
468KB

MD5
42ed591990d834888ac5feafb670f135

SHA1
504778250fd0cc21a573cea4539c46a0c1ac49e9

SHA256
e29a833fb502e96a9dbc18774a6902a9e5df37470429b6203c91f14037ea3443

SHA512
ad35a79cb7fb4becc2bb1890f026fc4c4a25424560d686b61661d1a5c988c910ca9a61ab9c6334cf1a76ff4cc76597e5d85321014e2a60081eacf4ef4c30f14e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe

Filesize
468KB

MD5
2fb83a27a49476bf2d0b4166dfd185d6

SHA1
7dc4db468999097c879cfa270c9b0f19b5cfe01b

SHA256
fddddb4a4d2237d49b526dccded4477410ee5e6d4d769d0ad705da6ffe1706e0

SHA512
3a5e44be0388df85e87896626184168f6a618f190ec1b486b125a14a407a785062dd110d08cdd364becf05ecbb1c2c81d3c41f05c3f9fbac7e02c99a733ffe03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe

Filesize
468KB

MD5
e60490bd37468232d00371bff2321489

SHA1
1f7799e74fface4203c6d1045123afd8f0ab9c69

SHA256
6dbadde3037eb13b739be21f05653f83874ce77f5013ea867cd222c552658e88

SHA512
3af7d373a796f39b28c892a116df0bb9b8631ad8641561257fe0935f2ea4f1b2c574256742fa94dc3dee5d897f7b8fc7c10d00341fb5e2e1123a4c5a14e9fc39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe

Filesize
468KB

MD5
a2d9cfbeda4616aee050029879a2a468

SHA1
03592b017aa0b521463c35064a69853783872c37

SHA256
242cf813e4d272a43456c4d00fc2c3a085782122c7ee85db09914562f6856aab

SHA512
2b58d15a462c93cf512dd9c5eca9d03e15aee1c2963eb3809a3a30e0245bab1b3cb5e87558224ee101b102a895d7157e6617d86838d26c5d4c26e305b850a4d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe

Filesize
468KB

MD5
295c55c35b4c63bce13678a7f89e506a

SHA1
93353c16727e7ed0b80b8da4e89b8595edb89c1c

SHA256
322c994f09bc653d9d6b34299d9a20bbb9700c2ac50e3384fd73b2706872296f

SHA512
761e7e9d797538ba2dd3531c5f2af9d706d3d030207b1801db93e0c06ec531040dd75baceaacee35cff9794005c41e0639ae59263b79ce740ad49db7cb399bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49539.exe

Filesize
468KB

MD5
8116b51dfebf3268b02e5d5298f929a6

SHA1
54807d7c630acf0829e9a5d784bdf8aaf9397db5

SHA256
268d01368b8f3db20da4c9f70ba1fbc11c311e1d0a3f665dcae5f95f1c4cf1db

SHA512
b33cceacdf1872120f9aa96e4ced2b7eb8d50941c54bfb9688486c0cdd1cdc3db5e12c2794b662ee12d22188b2d79b8e0147e761b2bcf2962c9f816090d08cfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe

Filesize
468KB

MD5
d6c3c12b628010449684be9fdfa8b5fd

SHA1
66b12ead1a3bb39ebb5edd9225fef9fe0dfb2d84

SHA256
354f4941bf47e4cc90296ce7fd509278adcc5c8ca2c686ae9f26cdabf9d9054f

SHA512
fe497e69385e290ec5cb411d1e86a2bf123b0d80ecf074a07ab9208386b4fb13252a440ebf7881dd138f7aec8de93d9ff466e79f8c9f47eaf3d62736ed33713b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe

Filesize
468KB

MD5
92258281eb24e84355e17b827a7ecd40

SHA1
e0e60960fa60695fae29b8679ef7d220057b8049

SHA256
f0753b9869a9307ec891d4abbb24ba21c4dc4494ad73457ad80f6985b9674db3

SHA512
d94f1c7f7c216f3bd9cb6b513f2d3c116a98446d89dcf304eaf845b12dabfa86e2009ecfbf31d313b6c9b7ca911d993bfbf6cfd67dbf70b224ea95dab8e3a70d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe

Filesize
468KB

MD5
6774c912afe6c2dcca250f0d67900db0

SHA1
f14d9aa855f80484b2138deb84e60384c0cdb9b2

SHA256
a4bd18f92cdfc850761f2c787664325102c922b2524e15fba334d3e2a3c3bbf4

SHA512
5ad50b1e323e4526559c38294f71da29f516f2749e03d34a9772e4d68e7d4c3e3f9a28f9b0ed0fb69efc461a98c70d32585aec5844c21e2dd49bf49f0a3a3328

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52761.exe

Filesize
468KB

MD5
0b59c249f5263989ab24abd52500928e

SHA1
a09a76699b5d7688e5e48609cc4b6260caeee3a2

SHA256
1e7433bacc7cb349ed31b8b184fd236b80d1a31fe3a7ef35f870690598b5a8c0

SHA512
1fa7d3de173723cd55c96972850d84f7a96c466cf472a1641563062bdc69d5352e90f91eb6a806bbc9253324098b5b9d681d6b5a53355002c56677da4ce7cb21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe

Filesize
468KB

MD5
c43654cbc749def900e502109c4bf594

SHA1
0a5f5e1615fe6c38329e2756c9ae2cae19fe1c62

SHA256
e97528f9f5d873aea039bffd0bafb01ac886906d1e7e492fb83c8e2830efc0e6

SHA512
65ced0d366bafaed4229bb45e6c42a40dc1aedc79c0db48c3b29efaa38151a6838d84cd2e708a6091673efc2078e7f16207fed0d394b1303399f709f188f98b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe

Filesize
468KB

MD5
3bba250abbd321a24cf1ed2a8e2c84cc

SHA1
73873fb005a9d42dd8562927cd40e0abb202ce30

SHA256
3b7ecdcf6fb95c3628528c9bca4f6bbc8a7fd5208869e83c2aa30db82d391a81

SHA512
1ffec9747bfbe077c19a430157dde95e1302bcb0b26452a1be26c8e50c6f9cf8d3efd76d58792479fdb3ee48cd3a72d40769ce78303bfa3b46364ca1cd0e72b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe

Filesize
468KB

MD5
411b2664774c7764d6efe9f51b236e26

SHA1
826dd94d65fc728c8301129f8593762a475713c8

SHA256
282db213c7ddfc78e31c889cf145fa8c9610e8333c58494dd82ef3ad2976d4c7

SHA512
b4224fd0fcec0cbc94ac76aaa592bdf1f97c6375db336dbe9b022240e491b2b141e6cfb0ce34e41288b1d037bc1d232c1b785119a23d3b4d5267f31921041190

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7089.exe

Filesize
468KB

MD5
bc04412d7a0f848839239f2821d54771

SHA1
8fab181933d16a2c5af5ecbcb0f8892db1708561

SHA256
294a7a20445088e0ccabc3149ab6f78ea240528cda8cb3de4ba9a42f06ddb4cc

SHA512
3e2118616be9bf2f55938185b028bcf1be4896f0e9d45f278292ef86590c7354791d2dd9a6b4c26e9be1cd8a692deaf11e55d750f7b50148566992f168daecdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe

Filesize
468KB

MD5
7e3387475af9f10edc81e53927b4c99c

SHA1
7286a653e2b675077384d8c0a78958f067503a13

SHA256
6ee15a0809dc927f00ddfb070c03c5c4d22e09889effa3305a5ebc70930b31af

SHA512
1fe8376b99f1af2d0da2f76b6c8b163c9558d46afaabdd45fbfd67aa822f12710ad04bc2e05148263f5c377a4b9fb74ee2e85b0e27eda33da01feb62a7dc811e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads